diff --git a/BTCPayServer/Security/CookieAuthorizationHandler.cs b/BTCPayServer/Security/CookieAuthorizationHandler.cs
index eba1b6dad..b11e48f56 100644
--- a/BTCPayServer/Security/CookieAuthorizationHandler.cs
+++ b/BTCPayServer/Security/CookieAuthorizationHandler.cs
@@ -66,8 +66,15 @@ namespace BTCPayServer.Security
 if (routeData.Values.TryGetValue("appId", out var vAppId))
 {
 string appId = vAppId as string;
- app = await _appService.GetApp(appId, null);
- storeId ??= app?.StoreDataId;
+ app = await _appService.GetAppDataIfOwner(userId, appId);
+ if (storeId == null)
+ {
+ storeId = app?.StoreDataId;
+ }
+ else if (app?.StoreDataId != storeId)
+ {
+ app = null;
+ }
 }
 // resolve from payment request
 if (routeData.Values.TryGetValue("payReqId", out var vPayReqId))
diff --git a/BTCPayServer/Views/Manage/LoginCodes.cshtml b/BTCPayServer/Views/Manage/LoginCodes.cshtml
index 9bca5b208..cf549c191 100644
--- a/BTCPayServer/Views/Manage/LoginCodes.cshtml
+++ b/BTCPayServer/Views/Manage/LoginCodes.cshtml
@@ -1,6 +1,6 @@
 @model string
 @{
- ViewData.SetActivePageAndTitle(ManageNavPages.LoginCodes, "Login codes");
+ ViewData.SetActivePage(ManageNavPages.LoginCodes, "Login codes");
 }
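Review bot: In CookieAuthorizationHandler.cs, the new `else if (app?.StoreDataId != storeId)` branch only sets `app = null`, so whether a mismatched or non-owned `appId` is actually refused depends on code after this hunk that is not shown. If the later checks authorize on `storeId` alone, a request that pairs a permitted `storeId` with an `appId` from another store would still pass the handler and the controller would have to re-check the app itself. Please confirm the handler does not succeed whenever `appId` was present in the route but `app` ended up null, and record that with a comment such as `// appId given but not owned by this user in this store: app stays null and the requirement must not succeed`. `vAppId as string` also yields null for a non-string route value, so `GetAppDataIfOwner(userId, appId)` should be known to return null for a null id or a null `userId`. The enclosing method begins and ends outside the hunk.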

@ViewData["Title"]

Easily log into BTCPay Server on another device using a simple login code from an already authenticated device.