diff --git a/EnvelopeGenerator.Web/Controllers/HomeController.cs b/EnvelopeGenerator.Web/Controllers/HomeController.cs
index 3124b938..daaf793a 100644
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@@ -164,7 +164,8 @@ namespace EnvelopeGenerator.Web.Controllers
 var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
 var authProperties = new AuthenticationProperties
 {
- AllowRefresh = false
+ AllowRefresh = false,
+ IsPersistent = false
 };
 await HttpContext.SignInAsync(
@@ -187,14 +188,17 @@ namespace EnvelopeGenerator.Web.Controllers
 else
 {
 database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history
- return Unauthorized();
-
+ Response.StatusCode = StatusCodes.Status401Unauthorized;
+ return View("EnvelopeLocked") .WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
 }
 },
 Fail: (messages, notices) =>
 {
 _logger.LogNotice(notices);
- return Unauthorized();
+ Response.StatusCode = StatusCodes.Status401Unauthorized;
+ return View("EnvelopeLocked") .WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
 });
 }
 catch(Exception ex)
diff --git a/EnvelopeGenerator.Web/Program.cs b/EnvelopeGenerator.Web/Program.cs
index 63683680..165a28d9 100644
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@@ -58,9 +58,8 @@ try
 {
 //remove option for Test*Controller
 options.Conventions.Add(new RemoveIfControllerConvention()
- .AndIf(_ => !builder.IsDevOrDiP())
 .AndIf(c => c.ControllerName.StartsWith("Test"))
- .AndIf(_ => !config.GetValue("EnableTestControllers")));
+ .AndIf(_ => !builder.IsDevOrDiP() || !config.GetValue("EnableTestControllers")));
 }).AddJsonOptions(q =>
 {
 // Prevents serialization error when serializing SvgBitmap in EnvelopeReceiver
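Review bot: The new `IsPersistent = false` line in the AuthenticationProperties initializer needs a comment, because on its own it reads like a no-op (false is, as far as I recall, already the default) and a future reader will not know what it is guarding. What it actually controls is whether the auth cookie gets an Expires attribute — i.e. whether the browser keeps it across a restart — while the ticket's server-side lifetime still comes from `ExpireTimeSpan` in Program.cs (raised to 30 minutes elsewhere in this commit) and `AllowRefresh = false` stops that window from sliding. Suggest `IsPersistent = false // session cookie: browser drops it on close; ticket validity is still bounded by ExpireTimeSpan` so the two knobs are read together. The enclosing method starts and ends outside this hunk.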
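Review bot: Both new branches render `EnvelopeLocked` after a wrong access code, but nothing in this hunk enforces a lockout — `EnterIncorrectAccessCode` is called "for history" only — so unless it (or its caller) also counts failures and refuses further attempts past a threshold, the access code stays brute-forceable and the page name promises a protection that is not visible here; please confirm where the attempt limit lives and name it, e.g. `//for history; attempt counting / lockout is enforced in <service>`. The three-line 401-plus-view sequence is also duplicated verbatim in the `else` and `Fail` branches; a private `IActionResult EnvelopeLockedResult()` that sets `Response.StatusCode` and returns the view would leave each branch as `return EnvelopeLockedResult();`. Note too that the `Fail` branch now shows the same "locked" page for whatever `notices` it receives, which may mislabel failures that are not authentication failures — worth checking what `Fail` can carry. The enclosing method continues outside the hunk on both sides.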
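Review bot: The merged condition on the new `.AndIf` line changes the rule from the old chain (which, if `AndIf` conjoins as its name suggests, removed Test* controllers only when the app was outside Dev/DiP and the flag was off at the same time) to fail-closed — Test* controllers now survive only in Dev/DiP with `EnableTestControllers` true — but the `//remove option for Test*Controller` comment no longer explains that, and this is exactly the kind of gate the next person will "simplify" back. Suggest `// Test* controllers are registered only in Dev/DiP AND when EnableTestControllers is true; any other combination removes them (fail closed)`. On the unchanged line above it, `c.ControllerName.StartsWith("Test")` is a culture-sensitive prefix match; `StartsWith("Test", StringComparison.Ordinal)` is the intended comparison, and the comment should mention that any production controller whose name begins with "Test" is stripped too. The enclosing options lambda starts and ends outside the hunk.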
@@ -129,7 +128,7 @@ try
 options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security
 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
 options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
- options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
+ options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
 options.Events = new CookieAuthenticationEvents {