diff --git a/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs b/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
index f3db54093c..fd009eab23 100644
--- a/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
+++ b/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeCookieOptions.cs
@@ -77,19 +77,11 @@ namespace Umbraco.Web.BackOffice.Security
 options.Cookie.SecurePolicy = _globalSettings.UseHttps ? CookieSecurePolicy.Always : CookieSecurePolicy.SameAsRequest;
 options.Cookie.Path = "/";
- // TODO: Review these, we shouldn't really be redirecting at all, need to check the source to see if we can prevent any redirects.
- // I think we can do that by setting these to null in the events below, we cannot set them null here else they'll be replaced with defaults.
- // OK ... so figured it out, we need to have certain headers in the request to ensure that aspnetcore knows it's an ajax request,
- // see: https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs#L43
- // and https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs#L104
- // when those headers are set then it will respond with the correct status codes.
- // OR we override `CookieAuthenticationEvents` with our own and do
- // options.Events = new BackOfficeCookieAuthenticationEvents(); ... maybe that will give us more control anyways instead of using callbacks below?
- // Those methods like OnRedirectToLogin are get/set so we can replace their logic, though actually looking at the code, if we replace these callbacks like
- // we are doing below then no redirections should occur but we may need to deal with the status code, we'll need to see
- options.AccessDeniedPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
- options.LoginPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
- options.LogoutPath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
+ // For any redirections that may occur for the back office, they all go to the same path
+ var backOfficePath = _globalSettings.GetBackOfficePath(_hostingEnvironment);
+ options.AccessDeniedPath = backOfficePath;
+ options.LoginPath = backOfficePath;
+ options.LogoutPath = backOfficePath;
 options.DataProtectionProvider = _dataProtection;