diff --git a/core/Access.php b/core/Access.php
index 69614c2b746..92b9dff1bd7 100644
--- a/core/Access.php
+++ b/core/Access.php
@@ -745,14 +745,15 @@ private function throwNoAccessException($message)
 {
 if (Piwik::isUserIsAnonymous() && !Request::isRootRequestApiRequest()) {
 $message = Piwik::translate('General_YouMustBeLoggedIn');
- }
- // Try to detect whether user was previously logged in so that we can display a different message
- $referrer = Url::getReferrer();
- $matomoUrl = SettingsPiwik::getPiwikUrl();
- if ($referrer && $matomoUrl && Url::isValidHost(Url::getHostFromUrl($referrer)) &&
- strpos($referrer, $matomoUrl) === 0
- ) {
- $message = Piwik::translate('General_YourSessionHasExpired');
+
+ // Try to detect whether user was previously logged in so that we can display a different message
+ $referrer = Url::getReferrer();
+ $matomoUrl = SettingsPiwik::getPiwikUrl();
+ if ($referrer && $matomoUrl && Url::isValidHost(Url::getHostFromUrl($referrer)) &&
+ strpos($referrer, $matomoUrl) === 0
+ ) {
+ $message = Piwik::translate('General_YourSessionHasExpired');
+ }
 }
 throw new NoAccessException($message);
diff --git a/plugins/IntranetMeasurable/tests/UI/IntranetMeasurable_spec.js b/plugins/IntranetMeasurable/tests/UI/IntranetMeasurable_spec.js
index 0eb3f8c247b..17357ab2ee0 100644
--- a/plugins/IntranetMeasurable/tests/UI/IntranetMeasurable_spec.js
+++ b/plugins/IntranetMeasurable/tests/UI/IntranetMeasurable_spec.js
@@ -18,6 +18,11 @@ describe("IntranetMeasurable", function () {
 testEnvironment.save();
 });
+ after(async function () {
+ // ensure the newly created site is removed afterwards, so other tests reusing the fixture won't change results
+ await testEnvironment.callApi('SitesManager.deleteSite', { idSite: 64 });
+ });
+
 it("should show intranet selection", async function () {
 await page.goto(url);
 await (await page.jQuery('.SitesManager .addSite:first')).click();
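Review bot: In `throwNoAccessException` (core/Access.php) the switch to `General_YourSessionHasExpired` is decided from `Url::getReferrer()`, which as far as I can tell is the request's Referer header and therefore chosen by the client, and nothing in the new code records that limit. Inside the anonymous, non-API branch it only selects the wording, which is the right scope; I would pin that with a comment above the lookup such as `// Referer is client-supplied: use it only to pick the message, never as evidence of a prior login`. The `strpos($referrer, $matomoUrl) === 0` test is a plain string-prefix match, so it presumably relies on `SettingsPiwik::getPiwikUrl()` ending in a slash and on `Url::isValidHost` to reject look-alike hosts; neither is visible in this hunk, so that is worth confirming. The function's closing brace lies outside the hunk.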
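Review bot: The new `after` hook in IntranetMeasurable_spec.js deletes a hard-coded `idSite: 64`, which ties the cleanup to the current number of sites in the fixture; if the fixture gains or loses a site, the hook will remove the wrong site or nothing, and the cross-test leak it is meant to prevent comes back silently. If the id of the site created by this spec can be read back, delete that one instead; otherwise state where the number comes from, e.g. `// 64 = <last fixture site id> + 1, the site created by this spec`. The hook also does not check whether the deletion succeeded.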
diff --git a/plugins/Login/tests/UI/NoAccess_spec.js b/plugins/Login/tests/UI/NoAccess_spec.js
new file mode 100644
index 00000000000..d829962daaa
--- /dev/null
+++ b/plugins/Login/tests/UI/NoAccess_spec.js
@@ -0,0 +1,61 @@
+/*!
+ * Matomo - free/libre analytics platform
+ *
+ * login & password reset screenshot tests.
+ *
+ * @link https://matomo.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+describe("NoAccess", function () {
+ this.timeout(0);
+
+ before(async function () {
+ testEnvironment.testUseMockAuth = 0;
+ testEnvironment.overrideConfig('General', 'login_session_not_remembered_idle_timeout', 1)
+ testEnvironment.save();
+
+ await page.clearCookies();
+ });
+
+ after(async function () {
+ testEnvironment.testUseMockAuth = 1;
+ testEnvironment.save();
+
+ await page.clearCookies();
+ });
+
+ it("should login successfully with user credentials and show error when a site without access is viewed", async function() {
+ await page.clearCookies();
+ await page.goto("?idSite=2");
+ await page.waitForNetworkIdle();
+ await page.type("#login_form_login", "oliverqueen");
+ await page.type("#login_form_password", "smartypants");
+ await page.evaluate(function(){
+ $('#login_form_submit').click();
+ });
+
+ await page.waitForNetworkIdle();
+
+ expect(await page.screenshot({ fullPage: true })).to.matchImage('login_noaccess');
+ });
+
+ it("should show session timeout error", async function() {
+ await page.clearCookies();
+ await page.goto("");
+ await page.waitForNetworkIdle();
+ await page.type("#login_form_login", "oliverqueen");
+ await page.type("#login_form_password", "smartypants");
+ await page.evaluate(function(){
+ $('#login_form_submit').click();
+ });
+
+ await page.waitFor(60500); // wait for session timeout
+
+ await page.click('#topmenu-corehome');
+ await page.waitForNetworkIdle();
+
+ expect(await page.screenshot({ fullPage: true })).to.matchImage('login_session_timeout');
+ });
+
+});
\ No newline at end of file
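Review bot: The `before` hook overrides `login_session_not_remembered_idle_timeout`, but the `after` hook only resets `testUseMockAuth`, so the shortened idle timeout may leak into specs that run later unless the harness discards config overrides itself (not visible in this diff); the override should be undone in `after`. The fixed `page.waitFor(60500)` adds a minute to every run while `this.timeout(0)` removes the safety net if the page hangs, so a comment explaining why 60.5 s is needed for a timeout configured as `1` would help the next reader. The file header still reads `login & password reset screenshot tests`, which does not describe this spec.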
diff --git a/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_noaccess.png b/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_noaccess.png new file mode 100644 index 00000000000..2391c68a794 --- /dev/null +++ b/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_noaccess.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c2bf876689974ba0e3bbd46b1dd309877f1838809344d37e28633cd4b8c0bc9 +size 31939 diff --git a/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_session_timeout.png b/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_session_timeout.png new file mode 100644 index 00000000000..cc31f293133 --- /dev/null +++ b/plugins/Login/tests/UI/expected-screenshots/NoAccess_login_session_timeout.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c8c62cd426bd1fc44e9456bd1d7b65a424e52bb01cc919ddff6f07442abb50e1 +size 34146