diff --git a/src/pages/ProcessBrowserAuth.vue b/src/pages/ProcessBrowserAuth.vue
index 7a62563d20..56da3842b0 100644
--- a/src/pages/ProcessBrowserAuth.vue
+++ b/src/pages/ProcessBrowserAuth.vue
@@ -9,7 +9,9 @@ export default {
 name: 'ProcessBrowserAuth',
 inject: ['kvAuth0'],
 mounted() {
- const { state } = this.$route.query;
+ const { hash } = window.location;
+ const state = new URLSearchParams(hash?.substring(1) ?? '').get('state');
+
 if (state) {
 const auth0State = store2.session('auth0.state');
 if (auth0State === state) {
@@ -18,9 +20,24 @@ export default {
 store2.session.remove('auth0.state');
 store2.session.remove('auth0.redirect');
- this.$router.push(`${redirect}${window.location.hash}`);
+ this.$router.push(`${redirect}${hash}`);
+ } else {
+ this.goToErrorPage('state_mismatch');
 }
+ } else {
+ this.goToErrorPage('missing_state');
 }
 },
+ methods: {
+ goToErrorPage(error) {
+ this.$router.push({
+ path: '/error',
+ query: {
+ error,
+ error_description: 'You may have clicked on an old or invalid link. Please try again.',
+ },
+ });
+ },
+ },
 };
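Review bot: `state` is now read only from the URL fragment, so a callback that carries `state` in the query string falls through to the `missing_state` branch added in the second hunk. A one-line comment above the parse would record that assumption, for example `// The authorization response is expected in the URL fragment, so state is read from location.hash rather than $route.query`. `window.location.hash` is always a string, so `hash?.substring(1) ?? ''` can be written as `hash.substring(1)`. The body of `mounted()` continues outside this hunk.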
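Review bot: The success path and `goToErrorPage` both navigate with `this.$router.push`, which leaves the callback URL and its fragment as a history entry. Because the success branch removes `auth0.state` before navigating, going Back to that entry would presumably re-run `mounted()`, fail the comparison and land on the new `state_mismatch` error page. Using `this.$router.replace` in both places drops the callback entry from history, so the response fragment is not revisited and a completed login is not followed by a spurious error. The `if (auth0State === state)` block starts outside this hunk, so how `redirect` is read and validated is not visible here.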