diff --git a/addons/website/models/ir_http.py b/addons/website/models/ir_http.py
index a145a30860e..9e30a07a64a 100644
--- a/addons/website/models/ir_http.py
+++ b/addons/website/models/ir_http.py
@@ -54,10 +54,14 @@ class ir_http(orm.AbstractModel):
         request.website_multilang = request.website_enabled and func and func.routing.get('multilang', True)
 
         if request.website_enabled:
-            if func:
-                self._authenticate(func.routing['auth'])
-            else:
-                self._auth_method_public()
+            try:
+                if func:
+                    self._authenticate(func.routing['auth'])
+                else:
+                    self._auth_method_public()
+            except Exception as e:
+                return self._handle_exception(e)
+
             request.redirect = lambda url: werkzeug.utils.redirect(url_for(url))
             request.website = request.registry['website'].get_current_website(request.cr, request.uid, context=request.context)
             if first_pass:
diff --git a/openerp/addons/base/ir/ir_http.py b/openerp/addons/base/ir/ir_http.py
index 21c8b7ef941..b3a2e785ca3 100644
--- a/openerp/addons/base/ir/ir_http.py
+++ b/openerp/addons/base/ir/ir_http.py
@@ -58,12 +58,6 @@ class ir_http(osv.AbstractModel):
     def _auth_method_user(self):
         request.uid = request.session.uid
         if not request.uid:
-            if not request.params.get('noredirect'):
-                query = werkzeug.url_encode({
-                    'redirect': request.httprequest.url,
-                })
-                response = werkzeug.utils.redirect('/web/login?%s' % query)
-                werkzeug.exceptions.abort(response)
             raise http.SessionExpiredException("Session expired")
 
     def _auth_method_none(self):
@@ -97,7 +91,10 @@ class ir_http(osv.AbstractModel):
 
     def _handle_exception(self, exception):
         # If handle_exception returns something different than None, it will be used as a response
-        return request._handle_exception(exception)
+        try:
+            return request._handle_exception(exception)
+        except openerp.exceptions.AccessDenied:
+            return werkzeug.exceptions.Forbidden()
 
     def _dispatch(self):
         # locate the controller method
@@ -110,11 +107,8 @@ class ir_http(osv.AbstractModel):
         # check authentication level
         try:
             auth_method = self._authenticate(func.routing["auth"])
-        except Exception:
-            # force a Forbidden exception with the original traceback
-            return self._handle_exception(
-                convert_exception_to(
-                    werkzeug.exceptions.Forbidden))
+        except Exception as e:
+            return self._handle_exception(e)
 
         processing = self._postprocess_args(arguments, rule)
         if processing:
diff --git a/openerp/http.py b/openerp/http.py
index fe332c9ecb9..448a14e5958 100644
--- a/openerp/http.py
+++ b/openerp/http.py
@@ -542,6 +542,12 @@ class HttpRequest(WebRequest):
            be used as response."""
         try:
             return super(HttpRequest, self)._handle_exception(exception)
+        except SessionExpiredException:
+            if not request.params.get('noredirect'):
+                query = werkzeug.urls.url_encode({
+                    'redirect': request.httprequest.url,
+                })
+                return werkzeug.utils.redirect('/web/login?%s' % query)
         except werkzeug.exceptions.HTTPException, e:
             return e