diff --git a/application/Espo/Core/Application.php b/application/Espo/Core/Application.php
index c159f529fc..55e1d12144 100644
--- a/application/Espo/Core/Application.php
+++ b/application/Espo/Core/Application.php
@@ -93,7 +93,7 @@ class Application
 $this->getContainer()->get('clientManager')->display();
 }
- public function runEntryPoint($entryPoint, $data = array())
+ public function runEntryPoint($entryPoint, $data = array(), $final = false)
 {
 if (empty($entryPoint)) {
 throw new \Error();
@@ -107,8 +107,18 @@ class Application
 $entryPointManager = new \Espo\Core\EntryPointManager($container);
 try {
- $auth = new \Espo\Core\Utils\Auth($this->container, $entryPointManager->checkNotStrictAuth($entryPoint));
- $apiAuth = new \Espo\Core\Utils\Api\Auth($auth, $entryPointManager->checkAuthRequired($entryPoint), true);
+ $authRequired = $entryPointManager->checkAuthRequired($entryPoint);
+ $authNotStrict = $entryPointManager->checkNotStrictAuth($entryPoint);
+ if ($authRequired && !$authNotStrict) {
+ if (!$final && $portalId = $this->detectedPortalId()) {
+ $app = new \Espo\Core\Portal\Application($portalId);
+ $app->setBasePath($this->getBasePath());
+ $app->runEntryPoint($entryPoint, $data, true);
+ exit;
+ }
+ }
+ $auth = new \Espo\Core\Utils\Auth($this->container, $authNotStrict);
+ $apiAuth = new \Espo\Core\Utils\Api\Auth($auth, $authRequired, true);
 $slim->add($apiAuth);
 $slim->hook('slim.before.dispatch', function () use ($entryPoint, $entryPointManager, $container, $data) {
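Review bot: The portal hand-off in `runEntryPoint` is gated on `$authRequired && !$authNotStrict`, so an entry point that is not-strict or needs no auth is never re-run under `\Espo\Core\Portal\Application`, whereas the branch this commit removes from index.php and portal/index.php switched on `portalId` for every entry point. If that narrowing is intended, it deserves a comment above the condition, for example `// Only strictly authenticated entry points are re-run inside the detected portal; $final stops the re-run from recursing.` The hand-off also ends with `exit;` inside the `try` block; `return;` would leave termination to the caller, which already exits after `runEntryPoint()` in both index files. The `try` block and the rest of the method continue outside the hunk, so any `catch` handling around the hand-off could not be checked here.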
@@ -293,5 +303,25 @@ class Application
 {
 $this->getContainer()->get('clientManager')->setBasePath($basePath);
 }
+
+ public function getBasePath()
+ {
+ return $this->getContainer()->get('clientManager')->getBasePath();
+ }
+
+ public function detectedPortalId()
+ {
+ if (!empty($_GET['portalId'])) {
+ return $_GET['portalId'];
+ }
+ if (!empty($_COOKIE['auth-token'])) {
+ $token = $this->getContainer()->get('entityManager')->getRepository('AuthToken')->where(array('token'=>$_COOKIE['auth-token']))->findOne();
+
+ if ($token && $token->get('portalId')) {
+ return $token->get('portalId');
+ }
+ }
+ return null;
+ }
 }
diff --git a/application/Espo/EntryPoints/Avatar.php b/application/Espo/EntryPoints/Avatar.php
index 030e40f353..50429b5ca4 100644
--- a/application/Espo/EntryPoints/Avatar.php
+++ b/application/Espo/EntryPoints/Avatar.php
@@ -36,7 +36,7 @@ use \Espo\Core\Exceptions\Error;
 class Avatar extends Image
 {
- public static $authRequired = true;
+ public static $authRequired = false;
 public static $notStrictAuth = true;
diff --git a/client/src/app-portal.js b/client/src/app-portal.js
index c48f444875..f0ede013b4 100644
--- a/client/src/app-portal.js
+++ b/client/src/app-portal.js
@@ -36,7 +36,7 @@ Espo.define('app-portal', ['app', 'acl-portal-manager'], function (Dep, AclPorta
 createAclManager: function () {
 return new AclPortalManager(this.user);
- }
+ },
 });
diff --git a/client/src/app.js b/client/src/app.js
index ca05bdb73a..89fea859ab 100644
--- a/client/src/app.js
+++ b/client/src/app.js
@@ -386,6 +386,8 @@ Espo.define(
 this.auth = Base64.encode(data.auth.userName + ':' + data.auth.token);
 this.storage.set('user', 'auth', this.auth);
+ this.setCookieAuthToken(data.auth.token);
+
 this.initUserData(data, function () {
 this.trigger('auth');
 }.bind(this));
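Review bot: `detectedPortalId()` returns `$_GET['portalId']` unvalidated and gives it precedence over the portal recorded on the caller's own auth token, so the request decides which portal application is built before any authentication has run. Both `$_GET['portalId']` and `$_COOKIE['auth-token']` can also arrive as arrays, and the cookie value goes straight into the `where()` criteria; guard each with `is_string()`, e.g. `if (!empty($_GET['portalId']) && is_string($_GET['portalId'])) {`. Consider resolving the token first and falling back to the query parameter only when the token carries no portal, or rejecting a mismatch between the two. Whether `\Espo\Core\Portal\Application` rejects an unknown id or a token issued for another portal is not visible in this diff and should be confirmed. A short docblock stating that the method runs before authentication and returns an untrusted value would help callers.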
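Review bot: Setting `$authRequired = false` on `Avatar` makes the entry point reachable without credentials, while `$notStrictAuth = true` a few lines below is left in place and no comment explains the change. With `$authRequired` false, the new `$authRequired && !$authNotStrict` gate in `Application::runEntryPoint` is skipped for this entry point too, so this flag alone decides who can fetch avatars. If unauthenticated access is intended, record the reason in a comment next to the property; otherwise keep it `true`. The entry point's run logic is outside the hunk, so any access check performed there could not be verified.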
@@ -419,12 +421,25 @@ Espo.define(
 this.doAction({action: 'login'});
 this.language.clearCache();
+ this.unsetCookieAuthToken();
+
 xhr = new XMLHttpRequest;
 xhr.open('GET', this.url + '/', !1, 'logout', 'logout');
 xhr.send('');
 xhr.abort();
 },
+ setCookieAuthToken: function (token) {
+ var date = new Date();
+ date.setTime(date.getTime() + (1000 * 24*60*60*1000));
+ console.log(token);
+ document.cookie = 'auth-token='+token+'; expires='+date.toGMTString()+'; path=/';
+ },
+
+ unsetCookieAuthToken: function () {
+ document.cookie = 'auth-token' + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
+ },
+
 initUserData: function (options, callback) {
 options = options || {};
@@ -478,7 +493,7 @@ Espo.define(
 url: 'App/user',
 }).done(function (data) {
 callback(data);
- });
+ }.bind(this));
 },
 setupAjax: function () {
diff --git a/index.php b/index.php
index 68c1a5adb9..5edcd2241b 100644
--- a/index.php
+++ b/index.php
@@ -36,9 +36,6 @@ if (!$app->isInstalled()) {
 }
 if (!empty($_GET['entryPoint'])) {
- if (!empty($_GET['portalId'])) {
- $app = new \Espo\Core\Portal\Application($_GET['portalId']);
- }
 $app->runEntryPoint($_GET['entryPoint']);
 exit;
 }
diff --git a/portal/index.php b/portal/index.php
index 59c2869e23..09097bb25e 100644
--- a/portal/index.php
+++ b/portal/index.php
@@ -35,9 +35,6 @@ if (!$app->isInstalled()) {
 }
 if (!empty($_GET['entryPoint'])) {
- if (!empty($_GET['portalId'])) {
- $app = new \Espo\Core\Portal\Application($_GET['portalId']);
- }
 $app->setBasePath('../');
 $app->runEntryPoint($_GET['entryPoint']);
 exit;
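Review bot: `console.log(token);` in `setCookieAuthToken` writes the session token to the browser console and should be removed before merge. The cookie is also written without `Secure` or `SameSite` and with a 1000-day expiry, so the token travels on plain-HTTP and cross-site requests and may outlive the server-side token; something like `document.cookie = 'auth-token=' + encodeURIComponent(token) + '; expires=' + date.toUTCString() + '; path=/; SameSite=Lax' + (location.protocol === 'https:' ? '; Secure' : '');` tightens this and replaces the deprecated `toGMTString()`. A cookie set from script cannot be `HttpOnly`, so it stays readable by any script on the page; a comment on the method should say the cookie exists only so the server can detect the portal for entry-point requests, if that is the intent. The call added in the `@@ -386,6 +386,8 @@` hunk is the only place this diff sets the cookie.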