diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js
index 01f0523511..e6af130f9c 100755
--- a/adapters/oidc/js/src/main/resources/keycloak.js
+++ b/adapters/oidc/js/src/main/resources/keycloak.js
@@ -210,11 +210,18 @@
 var nonce = createUUID();
 var redirectUri = adapter.redirectUri(options);
- if (options && options.prompt) {
- redirectUri += (redirectUri.indexOf('?') == -1 ? '?' : '&') + 'prompt=' + options.prompt;
+
+ var callbackState = {
+ state: state,
+ nonce: nonce,
+ redirectUri: encodeURIComponent(redirectUri),
 }
- callbackStorage.add({ state: state, nonce: nonce, redirectUri: encodeURIComponent(redirectUri) });
+ if (options && options.prompt) {
+ callbackState.prompt = options.prompt;
+ }
+
+ callbackStorage.add(callbackState);
 var action = 'auth';
 if (options && options.action == 'register') {
@@ -747,6 +754,7 @@
 if (oauthState && (oauth.code || oauth.error || oauth.access_token || oauth.id_token)) {
 oauth.redirectUri = oauthState.redirectUri;
 oauth.storedNonce = oauthState.nonce;
+ oauth.prompt = oauthState.prompt;
 if (oauth.fragment) {
 oauth.newUrl += '#' + oauth.fragment;
@@ -1218,9 +1226,6 @@
 case 'redirect_fragment':
 oauth.fragment = queryParams[param];
 break;
- case 'prompt':
- oauth.prompt = queryParams[param];
- break;
 default:
 if (responseMode != 'query' || !handleQueryParam(param, queryParams[param], oauth)) {
 oauth.newUrl += (oauth.newUrl.indexOf('?') == -1 ? '?' : '&') + param + '=' + queryParams[param];
diff --git a/adapters/oidc/js/src/main/resources/login-status-iframe.html b/adapters/oidc/js/src/main/resources/login-status-iframe.html
index 9bc8fd9f58..6bea92ade4 100755
--- a/adapters/oidc/js/src/main/resources/login-status-iframe.html
+++ b/adapters/oidc/js/src/main/resources/login-status-iframe.html
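Review bot: In the first hunk the object literal for `callbackState` ends with a trailing comma (`redirectUri: encodeURIComponent(redirectUri),`) and is closed by the context `}` with no semicolon, so the statement relies on ASI before the following `if`; in a file that otherwise sticks to ES3-era constructs (`var`, `indexOf`), pre-ES5 engines reject a trailing comma in an object literal outright. Drop the comma and terminate the statement: `redirectUri: encodeURIComponent(redirectUri)` followed by `};`. A one-line comment above `var callbackState` would also record why `prompt` left the redirect URI, e.g. `// prompt travels in the stored callback state (looked up by 'state') rather than in redirect_uri, so the callback URL can no longer supply it` — that reading is consistent with the third hunk dropping the `case 'prompt'` parser, but confirm it is the intent. The enclosing function starts before the first hunk and continues after it.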
@@ -21,13 +21,16 @@
 var init;
 function checkState(clientId, origin, sessionState, callback) {
- if (!init) {
+ var cookie = getCookie();
+
+ if (!cookie) {
+ callback('changed');
+ } else if (!init) {
 var req = new XMLHttpRequest();
 var url = location.href + "/init";
 url += "?client_id=" + encodeURIComponent(clientId);
 url += "&origin=" + encodeURIComponent(origin);
- url += "&session_state=" + encodeURIComponent(sessionState);
 req.open('GET', url, true);
@@ -50,7 +53,6 @@
 req.send();
 } else {
 if (clientId == init.clientId && origin == init.origin) {
- var cookie = getCookie();
 if (sessionState == cookie) {
 callback('unchanged');
 } else {
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
index c46ba108d3..5d2d054fbd 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
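Review bot: The new `if (!cookie) { callback('changed'); }` branch in the first hunk answers before any origin validation: the `/init` round-trip and the `clientId == init.clientId && origin == init.origin` comparison only run in the `else` branches, so a requester whose origin is not in the client's web origins now receives a definite 'changed' whenever the session cookie is absent, while with a cookie present it still has to pass `/init`. If `callback` relays the result to the requesting window (its definition is outside this hunk), that asymmetry lets any embedding origin learn whether the browser currently holds a Keycloak session cookie. Keeping the origin check first and folding the missing-cookie case into the validated branch avoids this: `if (clientId == init.clientId && origin == init.origin) {` / `if (!cookie || sessionState != cookie) { callback('changed'); } else { callback('unchanged'); }`. If the motivation was to skip the `/init` request for unauthenticated users, note that the server side no longer needs a session for that call anyway. checkState continues past the end of the second hunk.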
@@ -68,27 +68,19 @@ public class LoginStatusIframeEndpoint {
 @GET
 @Path("init")
- public Response preCheck(@QueryParam("client_id") String clientId, @QueryParam("origin") String origin, @QueryParam("session_state") String sessionState) {
+ public Response preCheck(@QueryParam("client_id") String clientId, @QueryParam("origin") String origin) {
 try {
 RealmModel realm = session.getContext().getRealm();
- String sessionId = sessionState.split("/")[2];
- UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId);
- if (userSession == null) {
- return Response.status(Response.Status.NOT_FOUND).build();
- }
-
 ClientModel client = session.realms().getClientByClientId(clientId, realm);
 if (client != null) {
 Set validWebOrigins = WebOriginsUtils.resolveValidWebOrigins(uriInfo, client);
 validWebOrigins.add(UriUtils.getOrigin(uriInfo.getRequestUri()));
-
 if (validWebOrigins.contains(origin)) {
 return Response.noContent().build();
 }
 }
 } catch (Throwable t) { }
-
 return Response.status(Response.Status.FORBIDDEN).build();
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
index 2d0a269c8e..4bb437c0b9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
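Review bot: `preCheck` changes its contract in this hunk — a 204 no longer says anything about a live user session, only that `client_id` resolves to a client and `origin` is one of that client's resolved web origins or this server's own origin — yet the method still carries no Javadoc, and an adapter author reading the old 404 tests would draw the wrong conclusion. Add a Javadoc above `@GET` stating that this is the pre-flight check for the login-status iframe, that it returns 204 when the client exists and the origin is allowed (403 otherwise, including when the client is unknown), that session validity is deliberately not checked here because the iframe compares the session cookie itself, and that any exception is swallowed and reported as 403. The `catch (Throwable t) { }` predates this commit, but now that the body is just two lookups, logging the throwable at debug level before returning 403 would make a misconfigured client or realm lookup failure visible instead of indistinguishable from a disallowed origin. The class and its remaining members are outside this hunk.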
@@ -133,7 +133,6 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
 get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
 + "client_id=invalid"
- + "&session_state=" + sessionCookie.getValue()
 + "&origin=" + suiteContext.getAuthServerInfo().getContextRoot()
 );
 response = client.execute(get);
@@ -142,16 +141,6 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
 get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
 + "client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID
- + "&session_state=invalid"
- + "&origin=" + suiteContext.getAuthServerInfo().getContextRoot()
- );
- response = client.execute(get);
- assertEquals(403, response.getStatusLine().getStatusCode());
- response.close();
-
- get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
- + "client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID
- + "&session_state=" + sessionCookie.getValue()
 + "&origin=http://invalid"
 );
 response = client.execute(get);
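Review bot: With the `session_state` requests removed in both hunks, no remaining request pins the new contract that `/init` answers 204 for a valid client and origin when the caller has no session at all; the surviving requests all go through the same `client`, which obtained `sessionCookie` earlier (the removed lines still reference it), so a regression that reintroduced a session dependency would pass unnoticed. Add one request from a cookie-less client, e.g. `CloseableHttpClient anon = HttpClients.createDefault();` / `response = anon.execute(new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID + "&origin=" + suiteContext.getAuthServerInfo().getContextRoot()));` / `assertEquals(204, response.getStatusLine().getStatusCode());` — the 204 follows from `Response.noContent()` in the endpoint, while the exact HttpClient factory and imports are outside this hunk and should match what the test already uses. The enclosing test method starts before the first hunk and continues after the second.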
@@ -160,16 +149,6 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
 get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
 + "client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID
- + "&session_state=master/random/random"
- + "&origin=" + suiteContext.getAuthServerInfo().getContextRoot()
- );
- response = client.execute(get);
- assertEquals(404, response.getStatusLine().getStatusCode());
- response.close();
-
- get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
- + "client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID
- + "&session_state=" + sessionCookie.getValue()
 + "&origin=" + suiteContext.getAuthServerInfo().getContextRoot()
 );
 response = client.execute(get);