diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 5901cf5ead..56f7f12287 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -331,6 +331,15 @@ authenticationController.doLogin = function (req, uid, callback) {
 };
 
 authenticationController.onSuccessfulLogin = function (req, uid, callback) {
+ // If already called once, return prematurely
+ if (req.res.locals.user) {
+ if (typeof callback === 'function') {
+ return setImmediate(callback);
+ }
+
+ return true;
+ }
+
 var uuid = utils.generateUUID();
 
 req.uid = uid;
@@ -392,7 +401,7 @@ authenticationController.onSuccessfulLogin = function (req, uid, callback) {
 if (typeof callback === 'function') {
 callback(err);
 } else {
- return false;
+ return !!err;
 }
 });
 };
diff --git a/src/middleware/index.js b/src/middleware/index.js
index d2dd50b663..316d5a2ea6 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -217,3 +217,20 @@ middleware.trimUploadTimestamps = function trimUploadTimestamps(req, res, next)
 next();
 };
 
+
+middleware.validateAuth = function validateAuth(req, res, next) {
+ plugins.fireHook('static:auth.validate', {
+ user: res.locals.user,
+ strategy: res.locals.strategy,
+ }, function (err) {
+ if (err) {
+ return req.session.regenerate(function () {
+ req.uid = 0;
+ req.loggedIn = false;
+ next(err);
+ });
+ }
+
+ next();
+ });
+};
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index a4341ddf36..11e8c03432 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
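Review bot: The early-return guard on `req.res.locals.user` looks like it fires on the very first call in the new SSO flow: the hunk in src/routes/authentication.js assigns `res.locals.user = user` before its waterfall reaches onSuccessfulLogin, and Express aliases `req.res` to that same response object, so unless something out of view clears it the remainder of this function (which ends outside the hunk) is skipped for SSO logins. The comment `// If already called once, return prematurely` also describes a different condition from the one tested, because the value is set by the caller before any call rather than by this function on its first pass. A flag this function itself sets would match the comment — if it assigns `req.loggedIn` alongside the `req.uid = uid;` context line, `if (req.loggedIn) {` would do. If onSuccessfulLogin can be reached with a non-Express request object, `req.res.locals` also throws instead of returning early.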
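Review bot: `return !!err;` sits inside the waterfall's final callback, whose return value async discards, so the change has no observable effect and onSuccessfulLogin still returns undefined to a caller that passes no callback; the only path that does return a value is the early return added above, and its `true` means "already logged in", the opposite of what `!!err` ("failed") would mean here. If a synchronous boolean is wanted for callback-less callers it cannot come from this callback; otherwise the contract is callback-only and the `else` branch can be dropped, with a one-line note on the function such as `// callback is optional; nothing is returned when it is omitted`. The enclosing function starts outside this hunk.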
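Review bot: The `req.session.regenerate` callback in validateAuth drops its own error argument, so a failed regeneration is reported only as the hook's rejection; change the callback to `function (regenErr) {` and its last line to `next(regenErr || err);`. The rejected identity also remains in `res.locals.user` and `res.locals.strategy` after `next(err)`, where a later handler — including the `req.res.locals.user` guard this commit adds in src/controllers/authentication.js — can still read it; adding `delete res.locals.user;` next to the `req.uid = 0;` reset closes that. A short header comment would help as well, since the middleware silently depends on the preceding handler: `// Lets plugins veto a login via static:auth.validate; expects res.locals.user and res.locals.strategy from the preceding passport callback`. Presumably the regenerate is meant to discard any session that existed before the SSO attempt (passport's custom-callback form has not called req.login at this point), which is worth stating in that comment.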
@@ -100,14 +100,23 @@ Auth.reloadRoutes = function (router, callback) {
 return helpers.redirect(res, strategy.failureUrl !== undefined ? strategy.failureUrl : '/login');
 }
 
- req.login(user, function (err) {
- if (err) {
- return next(err);
- }
-
- helpers.redirect(res, strategy.successUrl !== undefined ? strategy.successUrl : '/');
- });
+ res.locals.user = user;
+ res.locals.strategy = strategy;
+ next();
 })(req, res, next);
+ },
+ Auth.middleware.validateAuth,
+ (req, res, next) => {
+ async.waterfall([
+ async.apply(req.login.bind(req), res.locals.user),
+ async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid),
+ ], function (err) {
+ if (err) {
+ return next(err);
+ }
+
+ helpers.redirect(res, strategy.successUrl !== undefined ? strategy.successUrl : '/');
+ });
 });
 });
 
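Review bot: `async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid)` evaluates `req.uid` when the task array is built, i.e. before `req.login` has run, so onSuccessfulLogin is handed the request's pre-login uid (0 for a visitor who is not logged in yet) unless something out of view updates `req.uid` during `req.login`. Reading it after login, `function (next) { controllers.authentication.onSuccessfulLogin(req, req.uid, next); }`, or passing the uid carried by `res.locals.user` if that object has one, removes the dependence on timing. The handler also relies on `res.locals.user` having been set by the previous handler and on `strategy` from the enclosing forEach; a one-line comment naming both would spare the next reader a search. The enclosing Auth.reloadRoutes callback starts and ends outside this hunk.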