diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,15 @@
+0.1.1.1
+=======
+
+* Disallow empty `userIdentity` to produce a successfull login.
+* Produces a 404 on `/favicon.ico` page if not logged in: work around for issue
+  with Chrome requesting it first and messing up the redirect url.
+* Added JQuery to the template, since it's bootstrap's requirement.
+
 0.1.1.0
 =======
 
 * Fixed whitelist email regex matching for Github and Google auth.
-
 
 0.1.0.0
 =======
diff --git a/app/Main.hs b/app/Main.hs
--- a/app/Main.hs
+++ b/app/Main.hs
@@ -3,7 +3,6 @@
 {-# LANGUAGE TemplateHaskell   #-}
 module Main where
 import qualified Data.ByteString                           as S
--- import           Data.ByteString.Base64                    as B64
 import           Data.Monoid                               ((<>))
 import           Data.Serialize                            (put, runPut)
 import           Network.Wai.Auth.Executable
diff --git a/src/Network/Wai/Middleware/Auth.hs b/src/Network/Wai/Middleware/Auth.hs
--- a/src/Network/Wai/Middleware/Auth.hs
+++ b/src/Network/Wai/Middleware/Auth.hs
@@ -210,14 +210,26 @@
                 (providerName:pathSuffix)
                   | Just provider <- HM.lookup providerName asProviders -> do
                     appRoot <- asGetAppRoot req
-                    let onSuccess userIdentity = do
+                    let onFailure status errMsg =
+                          return $
+                          responseBuilder status [] $
+                          asProvidersTemplate
+                            (Just $ decodeUtf8With lenientDecode errMsg)
+                            authRouteRender
+                            asProviders
+                    let onSuccess "" =
+                          onFailure
+                            status501
+                            "Empty user identity is not allowed"
+                        onSuccess userIdentity = do
                           CTime now <- epochTime
                           cookie <-
                             saveAuthState $
                             AuthLoggedIn $
                             AuthUser
                             { authUserIdentity = userIdentity
-                            , authProviderName = encodeUtf8 $ getProviderName provider
+                            , authProviderName =
+                                encodeUtf8 $ getProviderName provider
                             , authLoginTime = now
                             }
                           return $
@@ -226,13 +238,6 @@
                               [("Location", protectedPath), cookie]
                               (fromByteString "Redirecting to " <>
                                fromByteString protectedPath)
-                    let onFailure status errMsg =
-                          return $
-                          responseBuilder status [] $
-                          asProvidersTemplate
-                            (Just $ decodeUtf8With lenientDecode errMsg)
-                            authRouteRender
-                            asProviders
                     let providerUrlRenderer (ProviderUrl suffix) =
                           mkRouteRender
                             (Just appRoot)
@@ -248,6 +253,9 @@
                         onSuccess
                         onFailure
                 _ -> respond $ responseLBS status404 [] "Unknown URL"
+          -- Workaround for Chrome asking for favicon.ico, causing a wrong
+          -- redirect url to be stored in a cookie.
+          ["favicon.ico"] -> respond $ responseLBS status404 [] "No favicon.ico"
           _ -> do
             cookie <-
               saveAuthState $
diff --git a/src/Network/Wai/Middleware/Auth/Provider.hs b/src/Network/Wai/Middleware/Auth/Provider.hs
--- a/src/Network/Wai/Middleware/Auth/Provider.hs
+++ b/src/Network/Wai/Middleware/Auth/Provider.hs
@@ -200,6 +200,7 @@
     <title>WAI Auth Middleware - Authentication Providers.
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js">
     <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous">
     <style>
       .provider-logo {
diff --git a/wai-middleware-auth.cabal b/wai-middleware-auth.cabal
--- a/wai-middleware-auth.cabal
+++ b/wai-middleware-auth.cabal
@@ -1,5 +1,5 @@
 name:                wai-middleware-auth
-version:             0.1.1.0
+version:             0.1.1.1
 synopsis:            Authentication middleware that secures WAI application
 description:         See README
 license:             MIT
