diff --git a/C4/Auth.pm b/C4/Auth.pm
index a8828800e7..c825136af1 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1211,6 +1211,18 @@ sub checkauth {
 );
 }
+ # In case, that this request was a login attempt, we want to prevent that users can repost the opac login
+ # request. We therefore redirect the user to the requested page again without the login parameters.
+ # See Post/Redirect/Get (PRG) design pattern: https://en.wikipedia.org/wiki/Post/Redirect/Get
+ if ( $type eq "opac" && $query->param('koha_login_context') && $query->param('koha_login_context') ne 'sco' && $query->param('password') && $query->param('userid') ) {
+ my $uri = URI->new($query->url(-relative=>1, -query_string=>1));
+ $uri->query_param_delete('userid');
+ $uri->query_param_delete('password');
+ $uri->query_param_delete('koha_login_context');
+ print $query->redirect(-uri => $uri->as_string, -cookie => $cookie, -status=>'303 See other');
+ exit;
+ }
+
 track_login_daily( $userid );
 return ( $userid, $cookie, $sessionID, $flags );
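Review bot: The redirect target on the `my $uri = URI->new(...)` line is built by denylist: CGI's `url(-query_string => 1)` regenerates the query string from `param()`, which for a POST login is the form body, so every submitted field other than the three `query_param_delete` keys is carried into a GET URL where it ends up in server logs, browser history and Referer headers, and (if I read CGI.pm right) any parameters that were in the original URL's query string are not preserved at all. Safer is to construct the target from the parameters the landing page actually needs (or from `$query->url_param`), e.g. `$uri->query_form(map { $_ => [ $query->url_param($_) ] } $query->url_param);`, rather than stripping known-sensitive keys from everything that was posted. Note also that `query_param_delete` comes from URI::QueryParam, not URI itself, and the hunk adds neither `use URI;` nor `use URI::QueryParam;` — unless the file already loads both, the branch dies with a method-not-found error on the first OPAC login, so please confirm those imports exist earlier in C4/Auth.pm. Minor style point: `$query->param('koha_login_context')` is read twice in the guard; hoisting it into `my $login_context = $query->param('koha_login_context');` shortens the condition. checkauth starts and ends outside the hunk, so whether `$type` and `$cookie` are always set by the time this block runs is not visible here.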