diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index 136707be08e..7a4e5fbd230 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -363,6 +363,7 @@ protected function _unauthenticated(Controller $controller) {
 			return false;
 		}
 		if (!empty($this->ajaxLogin)) {
+			$controller->response->statusCode(403);
 			$controller->viewPath = 'Elements';
 			echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
 			$this->_stop();
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index e5561580eed..54afee5e695 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -1106,11 +1106,13 @@ public function testAjaxLogin() {
 
 		App::uses('Dispatcher', 'Routing');
 
+		$Response = new CakeResponse();
 		ob_start();
 		$Dispatcher = new Dispatcher();
-		$Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), new CakeResponse(), array('return' => 1));
+		$Dispatcher->dispatch(new CakeRequest('/ajax_auth/add'), $Response, array('return' => 1));
 		$result = ob_get_clean();
 
+		$this->assertEquals(403, $Response->statusCode());
 		$this->assertEquals("Ajax!\nthis is the test element", str_replace("\r\n", "\n", $result));
 		unset($_SERVER['HTTP_X_REQUESTED_WITH']);
 	}