diff --git a/lib/galaxy/webapps/galaxy/controllers/authnz.py b/lib/galaxy/webapps/galaxy/controllers/authnz.py
index af7330e5c0c0..f7e3f459ec3f 100644
--- a/lib/galaxy/webapps/galaxy/controllers/authnz.py
+++ b/lib/galaxy/webapps/galaxy/controllers/authnz.py
@@ -79,7 +79,10 @@ def login(self, trans, provider, idphint=None, next=None):
 log.debug(msg)
 return trans.show_error_message(msg)
 if next:
- trans.set_cookie(value=next, name=LOGIN_NEXT_COOKIE_NAME)
+ trans.set_cookie(value=next, name=LOGIN_NEXT_COOKIE_NAME, age=1)
+ else:
+ # If no next parameter is provided, ensure we unset any existing next cookie.
+ trans.set_cookie(value="/", name=LOGIN_NEXT_COOKIE_NAME)
 success, message, redirect_uri = trans.app.authnz_manager.authenticate(provider, trans, idphint)
 if success:
 return {"redirect_uri": redirect_uri}
@@ -138,6 +141,8 @@ def callback(self, trans, provider, idphint=None, **kwargs):
 trans.handle_user_login(user)
 # Record which idp provider was logged into, so we can logout of it later
 trans.set_cookie(value=provider, name=PROVIDER_COOKIE_NAME)
+ # Clear the login next cookie back to default.
+ trans.set_cookie(value="/", name=LOGIN_NEXT_COOKIE_NAME)
 return trans.response.send_redirect(url_for(redirect_url))
 
 @web.expose
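Review bot: `next` is written into the LOGIN_NEXT cookie exactly as it arrived in the request, in the `if next:` branch, and nothing in this hunk checks that it names a path on this site. If callback later redirects to the cookie's value (that code is not visible here), an absolute or scheme-relative URL would send the user off-site after login. I would tighten the guard to something like `if next and next.startswith("/") and not next.startswith(("//", "/\\")):` so that anything else falls into the reset branch. The new `age=1` argument also deserves a short comment stating its unit and why the lifetime is shortened, since the reset branch keeps the default lifetime. login's body starts before and continues after this hunk.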
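Review bot: The reset of the LOGIN_NEXT cookie sits only on the success path, directly before the final redirect, so any earlier return in callback would leave a previously stored target in place. callback's body begins outside this hunk, so whether such exits exist cannot be confirmed from here; if they do, the reset belongs before them or in a small helper called from each exit. The comment could also be more exact, because the call overwrites the value rather than removing the cookie: `# Overwrite the stored post-login target with "/" so a later login cannot reuse it.`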