diff --git a/server/auth/types/openid/openid_auth.ts b/server/auth/types/openid/openid_auth.ts
index accabb7c1..5192e9634 100644
--- a/server/auth/types/openid/openid_auth.ts
+++ b/server/auth/types/openid/openid_auth.ts
@@ -25,13 +25,17 @@ import {
   LifecycleResponseFactory,
   AuthToolkit,
   IOpenSearchDashboardsResponse,
+  AuthResult,
 } from 'opensearch-dashboards/server';
 import HTTP from 'http';
 import HTTPS from 'https';
 import { PeerCertificate } from 'tls';
 import { Server, ServerStateCookieOptions } from '@hapi/hapi';
 import { SecurityPluginConfigType } from '../../..';
-import { SecuritySessionCookie } from '../../../session/security_cookie';
+import {
+  SecuritySessionCookie,
+  clearOldVersionCookieValue,
+} from '../../../session/security_cookie';
 import { OpenIdAuthRoutes } from './routes';
 import { AuthenticationType } from '../authentication_type';
 import { callTokenEndpoint } from './helper';
@@ -118,6 +122,22 @@ export class OpenIdAuthentication extends AuthenticationType {
     }
   }
 
+  private generateNextUrl(request: OpenSearchDashboardsRequest): string {
+    const path =
+      this.coreSetup.http.basePath.serverBasePath +
+      (request.url.pathname || '/app/opensearch-dashboards');
+    return escape(path);
+  }
+
+  private redirectOIDCCapture = (request: OpenSearchDashboardsRequest, toolkit: AuthToolkit) => {
+    const nextUrl = this.generateNextUrl(request);
+    const clearOldVersionCookie = clearOldVersionCookieValue(this.config);
+    return toolkit.redirected({
+      location: `${this.coreSetup.http.basePath.serverBasePath}/auth/openid/captureUrlFragment?nextUrl=${nextUrl}`,
+      'set-cookie': clearOldVersionCookie,
+    });
+  };
+
   private createWreckClient(): typeof wreck {
     const wreckHttpsOption: WreckHttpsOptions = {};
     if (this.config.openid?.root_ca) {
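Review bot: `generateNextUrl` encodes the redirect target with the deprecated global `escape()`, which is not a URL-component encoder: it leaves `@*_+-./` untouched, so a path containing `+` may be read back as a space by whatever parses the `nextUrl` query parameter on the `captureUrlFragment` side. The idiomatic form is `return encodeURIComponent(path);`, which also satisfies lint rules that flag `escape`. The value is built from `request.url.pathname` only, so any query string on the original request is dropped before the round trip; if deep links with query parameters are meant to survive login, append `request.url.search` before encoding. Because `nextUrl` is reflected straight into the `location` header, the consumer of that parameter (outside this hunk) still has to accept only a same-origin relative path before following it; a one-line comment on `generateNextUrl` stating that the value is path-only and must be validated downstream would make that contract visible.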
@@ -266,18 +286,9 @@ export class OpenIdAuthentication extends AuthenticationType {
     request: OpenSearchDashboardsRequest,
     response: LifecycleResponseFactory,
     toolkit: AuthToolkit
-  ): IOpenSearchDashboardsResponse {
+  ): IOpenSearchDashboardsResponse | AuthResult {
     if (this.isPageRequest(request)) {
-      // nextUrl is a key value pair
-      const nextUrl = composeNextUrlQueryParam(
-        request,
-        this.coreSetup.http.basePath.serverBasePath
-      );
-      return response.redirected({
-        headers: {
-          location: `${this.coreSetup.http.basePath.serverBasePath}${OPENID_AUTH_LOGIN}?${nextUrl}`,
-        },
-      });
+      return this.redirectOIDCCapture(request, toolkit);
     } else {
       return response.unauthorized();
     }
diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
index c26d09d96..5eca74665 100644
--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -24,7 +24,9 @@ import {
   OpenSearchDashboardsRequest,
   Logger,
 } from '../../../../../../src/core/server';
-import { SecuritySessionCookie } from '../../../session/security_cookie';
+import {
+  SecuritySessionCookie,
+} from '../../../session/security_cookie';
 import { SecurityPluginConfigType } from '../../..';
 import { OpenIdAuthConfig } from './openid_auth';
 import { SecurityClient } from '../../../backend/opensearch_security_client';
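Review bot: The widened signature `): IOpenSearchDashboardsResponse | AuthResult {` means the two branches now return different shapes — the page-request branch hands back the toolkit result from `redirectOIDCCapture`, the other still returns `response.unauthorized()` — so anything that inspected this method's return value must handle both. The method's name and its earlier signature lines lie outside the hunk. With the `composeNextUrlQueryParam` call gone, that import and `OPENID_AUTH_LOGIN` may now be unused in this file if nothing else references them; the import block is outside the hunk, so confirm there. The new branch would read better with a short comment, e.g. `// Page requests detour via redirectOIDCCapture; non-page (API) requests get a plain 401.`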