diff --git a/client/client.go b/client/client.go
index 3116ab8ba4e81e70de9907fc0831bcf14ed5f836..09da7879ed986d945ab2844e528deffe66ac88ff 100644
--- a/client/client.go
+++ b/client/client.go
@@ -177,9 +177,9 @@ func Sign(pub ssh.PublicKey, token string, conf *Config) (*ssh.Certificate, erro
 
 // Listener type contains information for the client listener.
 type Listener struct {
-	srv         *http.Server
-	ReceiverURL string
-	Token       chan string
+	srv   *http.Server
+	Port  int
+	Token chan string
 }
 
 // StartHTTPServer starts an http server in the background.
@@ -188,9 +188,9 @@ func StartHTTPServer() *Listener {
 		srv:   &http.Server{},
 		Token: make(chan string),
 	}
-	authCallbackURL := "/auth/callback" // TODO: Random?
+	authCallbackPath := "/auth/callback" // TODO: Random?
 
-	http.HandleFunc(authCallbackURL,
+	http.HandleFunc(authCallbackPath,
 		func(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set("Content-Type", "text/html; charset=utf-8")
 			w.Write([]byte("<html><head><title>Authorized</title></head><body>Authorized. You can now close this window.</body></html>"))
@@ -203,9 +203,7 @@ func StartHTTPServer() *Listener {
 	if err != nil {
 		return nil
 	}
-	port := l.Addr().(*net.TCPAddr).Port
-	listener.ReceiverURL = fmt.Sprintf("http://localhost:%d%s",
-		port, authCallbackURL)
+	listener.Port = l.Addr().(*net.TCPAddr).Port
 
 	go func() {
 		err := listener.srv.Serve(l)
diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 4400e7c5bc4b1ffedb118f09d03e533c69206285..a08096ce0ac59ae85db5db2e26a18bc41af05233 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"log"
 	"net"
-	"net/url"
 	"os"
 	"os/user"
 	"path"
@@ -55,8 +54,7 @@ func main() {
 	if c.AutoToken {
 		listener = client.StartHTTPServer()
 		if listener != nil {
-			authURL = fmt.Sprintf("%s?auto_token=%s",
-				c.CA, url.PathEscape(listener.ReceiverURL))
+			authURL = fmt.Sprintf("%s?auto_token=%d", c.CA, listener.Port)
 		}
 	}
 	fmt.Printf("Your browser has been opened to visit %s\n", authURL)
diff --git a/server/handlers.go b/server/handlers.go
index 0b56cb5a89f70f89ecba01fdc29662b41943fcf7..b078c20de1cb0b2a53ae4904ac22eb9e11c2cb3b 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -116,10 +116,11 @@ func (a *app) auth(w http.ResponseWriter, r *http.Request) {
 
 func (a *app) index(w http.ResponseWriter, r *http.Request) {
 	tok := a.getAuthToken(r)
-	autoTokenURL := a.getSessionVariable(r, "auto_token")
-	if autoTokenURL != "" {
-		http.Redirect(w, r, fmt.Sprintf("%s?token=%s",
-			autoTokenURL, tok.AccessToken), http.StatusSeeOther)
+	autoToken := a.getSessionVariable(r, "auto_token")
+	if autoToken != "" {
+		http.Redirect(w, r,
+			fmt.Sprintf("http://localhost:%s/auth/callback?token=%s",
+				autoToken, tok.AccessToken), http.StatusSeeOther)
 	} else {
 		page := struct {
 			Token string