--- a/package/feeds/luci/luci-base/luasrc/dispatcher.lua
+++ b/package/feeds/luci/luci-base/luasrc/dispatcher.lua
@@ -461,5 +461,10 @@
 	context.request = r
 
-	local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
+	local pathinfo = ""
+	if sys.call("test -s /tmp/resolv.conf.d/resolv.conf.auto") == 0 then
+		pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)	
+	else
+		pathinfo = http.urldecode(request:getenv("PATH_INFO") or "admin/system/initsetup", true)
+	end
 
 	if prefix then
@@ -894,6 +899,11 @@
 			end
 
-			http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
-				sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
+			local cookie_p = uci:get("wizard", "default", "cookie_p")
+			local timeout = 'Thu, 01 Jan 3000 01:00:00 GMT'
+			if cookie_p == '0' then
+				timeout = ''
+			end
+			http.header("Set-Cookie", 'sysauth=%s; expires=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
+				sid, timeout, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
 			})
 
@@ -917,6 +927,12 @@
 		local perm = check_acl_depends(required_path_acls, ctx.authacl and ctx.authacl["access-group"])
 		if perm == nil then
-			http.status(403, "Forbidden")
-			return
+			local sid = context.authsession
+			if sid then
+				util.ubus("session", "destroy", { ubus_rpc_session = sid })
+				luci.http.header("Set-Cookie", "sysauth=%s; expires=%s; path=%s" %{
+					'', 'Thu, 01 Jan 1970 01:00:00 GMT', build_url()
+				})
+			end
+			luci.http.redirect(build_url())
 		end