diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
index 94813a1902..1600f01e2c 100644
--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -24,30 +24,6 @@ class AphrontDefaultApplicationConfiguration
           => 'PhabricatorTypeaheadCommonDatasourceController',
       ),
 
-      '/login/' => array(
-        '' => 'PhabricatorLoginController',
-        'email/' => 'PhabricatorEmailLoginController',
-        'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
-        'refresh/' => 'PhabricatorRefreshCSRFController',
-        'validate/' => 'PhabricatorLoginValidateController',
-        'mustverify/' => 'PhabricatorMustVerifyEmailController',
-      ),
-
-      '/logout/' => 'PhabricatorLogoutController',
-
-      '/oauth/' => array(
-        '(?P<provider>\w+)/' => array(
-          'login/'     => 'PhabricatorOAuthLoginController',
-          'diagnose/'  => 'PhabricatorOAuthDiagnosticsController',
-          'unlink/'    => 'PhabricatorOAuthUnlinkController',
-        ),
-      ),
-
-      '/ldap/' => array(
-        'login/' => 'PhabricatorLDAPLoginController',
-        'unlink/'    => 'PhabricatorLDAPUnlinkController',
-      ),
-
       '/oauthserver/' => array(
         'auth/'          => 'PhabricatorOAuthServerAuthController',
         'test/'          => 'PhabricatorOAuthServerTestController',
diff --git a/src/applications/auth/application/PhabricatorApplicationAuth.php b/src/applications/auth/application/PhabricatorApplicationAuth.php
index 68a3bd3177..0a5a263042 100644
--- a/src/applications/auth/application/PhabricatorApplicationAuth.php
+++ b/src/applications/auth/application/PhabricatorApplicationAuth.php
@@ -41,6 +41,29 @@ final class PhabricatorApplicationAuth extends PhabricatorApplication {
         'start/' => 'PhabricatorAuthStartController',
         'validate/' => 'PhabricatorAuthValidateController',
       ),
+
+      '/login/' => array(
+        '' => 'PhabricatorLoginController',
+        'email/' => 'PhabricatorEmailLoginController',
+        'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
+        'refresh/' => 'PhabricatorRefreshCSRFController',
+        'mustverify/' => 'PhabricatorMustVerifyEmailController',
+      ),
+
+      '/logout/' => 'PhabricatorLogoutController',
+
+      '/oauth/' => array(
+        '(?P<provider>\w+)/' => array(
+          'login/'     => 'PhabricatorOAuthLoginController',
+          'diagnose/'  => 'PhabricatorOAuthDiagnosticsController',
+          'unlink/'    => 'PhabricatorOAuthUnlinkController',
+        ),
+      ),
+
+      '/ldap/' => array(
+        'login/' => 'PhabricatorLDAPLoginController',
+        'unlink/'    => 'PhabricatorLDAPUnlinkController',
+      ),
     );
   }
 
diff --git a/src/applications/auth/controller/PhabricatorEmailTokenController.php b/src/applications/auth/controller/PhabricatorEmailTokenController.php
index 6681b97118..1edd109011 100644
--- a/src/applications/auth/controller/PhabricatorEmailTokenController.php
+++ b/src/applications/auth/controller/PhabricatorEmailTokenController.php
@@ -71,11 +71,9 @@ final class PhabricatorEmailTokenController
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
       $target_email->setIsVerified(1);
       $target_email->save();
-      $session_key = $target_user->establishSession('web');
     unset($unguarded);
 
-    $request->setCookie('phusr', $target_user->getUsername());
-    $request->setCookie('phsid', $session_key);
+    $this->establishWebSession($target_user);
 
     $next = '/';
     if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
@@ -95,14 +93,8 @@ final class PhabricatorEmailTokenController
           ));
     }
 
-    $uri = new PhutilURI('/login/validate/');
-    $uri->setQueryParams(
-      array(
-        'phusr' => $target_user->getUsername(),
-        'next'  => $next,
-      ));
+    $request->setCookie('next_uri', $next);
 
-    return id(new AphrontRedirectResponse())
-      ->setURI((string)$uri);
+    return $this->buildLoginValidateResponse($target_user);
   }
 }
diff --git a/src/applications/auth/controller/PhabricatorLDAPLoginController.php b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
index 945e78dc61..99a3628024 100644
--- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
@@ -81,27 +81,18 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
             ->setURI('/settings/panel/ldap/');
         }
 
-        if ($ldap_info->getID()) {
+        if ($ldap_info->getUserPHID()) {
           $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
 
           $known_user = id(new PhabricatorUser())->loadOneWhere(
             'phid = %s',
             $ldap_info->getUserPHID());
 
-          $session_key = $known_user->establishSession('web');
-
           $this->saveLDAPInfo($ldap_info);
 
-          $request->setCookie('phusr', $known_user->getUsername());
-          $request->setCookie('phsid', $session_key);
+          $this->establishWebSession($known_user);
 
-          $uri = new PhutilURI('/login/validate/');
-          $uri->setQueryParams(
-            array(
-              'phusr' => $known_user->getUsername(),
-            ));
-
-          return id(new AphrontRedirectResponse())->setURI((string)$uri);
+          return $this->buildLoginValidateResponse($known_user);
         }
 
         $controller = newv('PhabricatorLDAPRegistrationController',
diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php
index 19b589934d..e0087f452f 100644
--- a/src/applications/auth/controller/PhabricatorLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLoginController.php
@@ -138,18 +138,8 @@ final class PhabricatorLoginController
         }
 
         if (!$errors) {
-          $session_key = $user->establishSession('web');
-
-          $request->setCookie('phusr', $user->getUsername());
-          $request->setCookie('phsid', $session_key);
-
-          $uri = id(new PhutilURI('/login/validate/'))
-            ->setQueryParams(
-              array('phusr' => $user->getUsername()
-            ));
-
-          return id(new AphrontRedirectResponse())
-            ->setURI((string)$uri);
+          $this->establishWebSession($user);
+          return $this->buildLoginValidateResponse($user);
         } else {
           $log = PhabricatorUserLog::newLog(
             null,
diff --git a/src/applications/auth/controller/PhabricatorLoginValidateController.php b/src/applications/auth/controller/PhabricatorLoginValidateController.php
deleted file mode 100644
index 04b08b43f4..0000000000
--- a/src/applications/auth/controller/PhabricatorLoginValidateController.php
+++ /dev/null
@@ -1,80 +0,0 @@
-<?php
-
-final class PhabricatorLoginValidateController
-  extends PhabricatorAuthController {
-
-  public function shouldRequireLogin() {
-    return false;
-  }
-
-  public function processRequest() {
-    $request = $this->getRequest();
-
-    $failures = array();
-
-    if (!strlen($request->getStr('phusr'))) {
-      throw new Exception(
-        "Login validation is missing expected parameters!");
-    }
-
-    $expect_phusr = $request->getStr('phusr');
-    $actual_phusr = $request->getCookie('phusr');
-    if ($actual_phusr != $expect_phusr) {
-
-      if ($actual_phusr) {
-        $cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
-      } else {
-        $cookie_info = "did not accept the cookie.";
-      }
-
-      $failures[] =
-        "Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
-        "browser {$cookie_info}";
-    }
-
-    if (!$failures) {
-      if (!$request->getUser()->getPHID()) {
-        $failures[] = "Cookies were set correctly, but your session ".
-                      "isn't valid.";
-      }
-    }
-
-    if ($failures) {
-
-      $list = array();
-      foreach ($failures as $failure) {
-        $list[] = phutil_tag('li', array(), $failure);
-      }
-      $list = phutil_tag('ul', array(), $list);
-
-      $view = new AphrontRequestFailureView();
-      $view->setHeader(pht('Login Failed'));
-      $view->appendChild(hsprintf(
-        '<p>%s</p>%s<p>%s</p>',
-        pht('Login failed:'),
-        $list,
-        pht(
-          '<strong>Clear your cookies</strong> and try again.',
-          hsprintf(''))));
-      $view->appendChild(hsprintf(
-        '<div class="aphront-failure-continue">'.
-          '<a class="button" href="/login/">%s</a>'.
-        '</div>',
-        pht('Try Again')));
-      return $this->buildStandardPageResponse(
-        $view,
-        array(
-          'title' => pht('Login Failed'),
-        ));
-    }
-
-    $next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
-    $request->clearCookie('next_uri');
-    if (!PhabricatorEnv::isValidLocalWebResource($next)) {
-      $next = '/';
-    }
-
-    return id(new AphrontRedirectResponse())->setURI($next);
-  }
-
-}
diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
index 0feea708b8..59a8973e7c 100644
--- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
@@ -146,20 +146,11 @@ final class PhabricatorOAuthLoginController
         $oauth_info,
         $provider);
 
-      $session_key = $known_user->establishSession('web');
-
       $this->saveOAuthInfo($oauth_info);
 
-      $request->setCookie('phusr', $known_user->getUsername());
-      $request->setCookie('phsid', $session_key);
+      $this->establishWebSession($known_user);
 
-      $uri = new PhutilURI('/login/validate/');
-      $uri->setQueryParams(
-        array(
-          'phusr' => $known_user->getUsername(),
-        ));
-
-      return id(new AphrontRedirectResponse())->setURI((string)$uri);
+      return $this->buildLoginValidateResponse($known_user);
     }
 
     $oauth_email = $provider->retrieveUserEmail();