diff --git a/src/proxyauth.js b/src/proxyauth.js
index 1722f6fd6..27911c432 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -160,9 +160,19 @@ function authorize(req, res, next) {
 });
 }
 
-function logoutPage(req, res) {
- res.clearCookie('authToken');
- res.redirect(302, '/'); // do not redirect to '/login' as it may not be protected
+function logoutPage(req, res, next) {
+ const appId = req.headers['x-app-id'] || '';
+ if (!appId) return next(new HttpError(503, 'Nginx misconfiguration'));
+
+ apps.get(appId, function (error, app) {
+ if (error) return next(new HttpError(503, error.message));
+
+ res.clearCookie('authToken');
+
+ // when we have no path, redirect to the login page. we cannot redirect to '/' because browsers will immediately serve up the cached page
+ // if a path is set, we can assume '/' is a public page
+ res.redirect(302, app.manifest.addons.proxyAuth.path ? '/' : '/login');
+ });
 }
 
 function logout(req, res, next) {
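Review bot: In the new `logoutPage`, `res.clearCookie('authToken')` runs only inside the `apps.get` success callback, so a missing `x-app-id` header or a failed app lookup returns 503 and leaves the session cookie in the browser. Logout should fail closed by making `res.clearCookie('authToken');` the first statement of the function, before the `appId` check. The redirect also dereferences `app.manifest.addons.proxyAuth.path` without a guard; if an app without the proxyAuth addon can reach this route (not visible in this hunk), that throws inside the callback instead of reaching `next`, so a check such as `const proxyAuth = app.manifest.addons && app.manifest.addons.proxyAuth;` before the redirect would be safer. Passing `error.message` into the 503 may also expose internal lookup details to an unauthenticated caller, assuming `HttpError` echoes its message in the response body.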