diff --git a/lib/web/auth.js b/lib/web/auth.js
index 7aeb7c91..5d851d39 100644
--- a/lib/web/auth.js
+++ b/lib/web/auth.js
@@ -24,7 +24,7 @@ function handleLogin(req, res) {
     var password = req.body.password;
     var rememberMe = req.body.remember;
     var dest = req.body.dest || req.header("referer") || null;
-    dest = dest.match(/login|logout/) ? null : dest;
+    dest = dest && dest.match(/login|logout/) ? null : dest;
 
     if (typeof name !== "string" || typeof password !== "string") {
         res.sendStatus(400);
@@ -122,7 +122,7 @@ function handleLogout(req, res) {
     res.clearCookie("auth");
     // Try to find an appropriate redirect
     var dest = req.query.dest || req.header("referer");
-    dest = dest.match(/login|logout|account/) ? null : dest;
+    dest = dest && dest.match(/login|logout|account/) ? null : dest;
 
     var host = req.hostname;
     if (host.indexOf(Config.get("http.root-domain")) !== -1) {