I may have a fix for #964.
If web.authenticateViewPages is set to true, and when the session is invalidated due to server restart or if the max inactive interval has been reached (default 30mn) :
It seems it was missing the redirect to the saved target url to render the correct page
add missing redirect after restoring user in new session
Thanks @mereth that's a great one-liner and does appear to have fixed #964