diff --git a/cas.admin.inc b/cas.admin.inc
index 08967fd..85db614 100644
--- a/cas.admin.inc
+++ b/cas.admin.inc
@@ -212,11 +212,16 @@ function cas_admin_settings() {
     '#collapsed' => TRUE,
   );
 
-  $form['pages']['cas_check_first'] = array(
-    '#type' => 'checkbox',
+  $form['pages']['cas_check_frequency'] = array(
+    '#type' => 'radios',
     '#title' => t('Check with the CAS server to see if the user is already logged in?'),
-    '#default_value' => variable_get('cas_check_first', 0),
-    '#description' => t('This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. The check is only performed the first time a user visits your site, so that the local drupal logout is still useful for site admins.', array('@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway')),
+    '#default_value' => variable_get('cas_check_frequency', CAS_CHECK_NEVER),
+    '#options' => array(
+      CAS_CHECK_NEVER => 'Never',
+      CAS_CHECK_ONCE => 'Once per browser session',
+      CAS_CHECK_ALWAYS => 'Always (every page load)',
+    ),
+    '#description' => t('This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. <strong>WARNING:</strong> Enabling it at all will <em>completely disable page caching</em>, and will prevent users from logging out locally unless also logged out of CAS. Setting it to "Always" will perform redirects on EVERY page load unless the user is alreay logged in, and is not recommended in most circumstances.', array('@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway')),
   );
 
   $form['pages']['cas_access'] = array(
diff --git a/cas.install b/cas.install
index d9d1198..6f8755e 100644
--- a/cas.install
+++ b/cas.install
@@ -80,7 +80,7 @@ function cas_uninstall() {
   variable_del('cas_auto_assigned_role');
   variable_del('cas_cert');
   variable_del('cas_changePasswordURL');
-  variable_del('cas_check_first');
+  variable_del('cas_check_frequency');
   variable_del('cas_debugfile');
   variable_del('cas_domain');
   variable_del('cas_exclude');
@@ -108,6 +108,7 @@ function cas_uninstall() {
 
   // And old (un-used) variables.
   variable_del('cas_cert_verify');
+  variable_del('cas_check_first');
   variable_del('cas_first_login');
   variable_del('cas_hijack_user');
   variable_del('cas_ldap_email_attribute');
@@ -349,3 +350,23 @@ function cas_update_7000(&$sandbox) {
   $moved_deltas = array();
   update_fix_d7_block_deltas($sandbox, $renamed_deltas, $moved_deltas);
 }
+
+/**
+ * Use variable 'cas_check_frequency' instead of 'cas_gateway'.
+ */
+function cas_update_7101() {
+  if (variable_get('cas_check_first', NULL) === NULL) {
+    // The old variable was not set, nothing to do.
+    return;
+  }
+
+  if (variable_get('cas_check_first', FALSE)) {
+    // Check once, but not again until login.
+    variable_set('cas_check_frequency', -1);
+  }
+  else {
+    // Check never.
+    variable_set('cas_check_frequency', -2);
+  }
+  variable_del('cas_check_first');
+}
diff --git a/cas.module b/cas.module
index a168f51..c3e224d 100644
--- a/cas.module
+++ b/cas.module
@@ -15,6 +15,11 @@ define('CAS_LOGIN_DRUPAL_INVITE_DEFAULT', 'Cancel CAS login');
 define('CAS_LOGIN_REDIR_MESSAGE', 'You will be redirected to the secure CAS login page.');
 define('CAS_EXCLUDE', 'services/*');
 
+// Frequency of CAS Gateway checking.
+define('CAS_CHECK_NEVER', -2);
+define('CAS_CHECK_ONCE', -1);
+define('CAS_CHECK_ALWAYS', 0);
+
 /**
  * Implements hook_init().
  *
@@ -36,7 +41,9 @@ function cas_init() {
   if (!$user->uid) {
     $force_authentication = _cas_force_login();
     $check_authentication = _cas_allow_check_for_login();
-    if ($force_authentication || $check_authentication) {
+    $request_type = $_SERVER['REQUEST_METHOD'];
+    $perform_login_check = $force_authentication || ($check_authentication && ($request_type == 'GET'));
+    if ($perform_login_check) {
       cas_login_check($force_authentication);
     }
   }
@@ -76,8 +83,6 @@ function cas_login_check($force_authentication = TRUE) {
   }
   else {
     $logged_in = phpCAS::checkAuthentication();
-    // Set the login tested cookie
-    setcookie('cas_login_checked', 'true');
 
     // We're done cause we're not logged in.
     if (!$logged_in) {
@@ -173,7 +178,8 @@ function cas_login_check($force_authentication = TRUE) {
       drupal_set_message(t('You will remain logged in on this computer even after you close your browser.'));
     }
 
-    cas_login_page($cas_first_login);
+    _cas_redirect_after_login($cas_first_login);
+
   }
   else {
     $user = drupal_anonymous_user();
@@ -280,8 +286,8 @@ function cas_phpcas_init() {
     phpCAS::setNoCasServerValidation();
   }
 
-  $service = isset($_GET['q']) ? $_GET['q'] : 'cas';
-  phpCAS::setFixedServiceURL(url($service, array('query' => cas_login_destination(), 'absolute' => TRUE)));
+  phpCAS::setFixedServiceURL(url(current_path(), array('query' => drupal_get_query_parameters(), 'absolute' => TRUE)));
+  phpCAS::setCacheTimesForAuthRecheck((int) variable_get('cas_check_frequency', CAS_CHECK_NEVER));
 
   // Allow other modules to call phpCAS routines. We do not call
   // drupal_alter() since there are no parameters to pass.
@@ -417,19 +423,6 @@ function cas_translated_menu_link_alter(&$item) {
 }
 
 /**
- * Helper function to rewrite the destination to avoid redirecting to login page after login.
- *
- * Instead of the login page, we redirect to the front page.
- */
-function cas_login_destination() {
-  $destination = user_login_destination();
-  if ($destination['destination'] == 'cas') {
-    $destination['destination'] = '';
-  }
-  return $destination;
-}
-
-/**
  * Implements hook_user_operations().
  */
 function cas_user_operations($form = array(), $form_state = array()) {
@@ -631,26 +624,15 @@ function cas_user_load_by_name($cas_name, $alter = FALSE, $reset = FALSE) {
 }
 
 /**
- * Redirects to appropriate page based on user settings.
+ * This is the page callback for the /cas page, which is used only to
+ * trigger a forced CAS authentication.
  *
- * @param $cas_first_login
- *   TRUE if the user was just registered and they should be redirected to the
- *   configured 'Initial login landing page'.
+ * In almost all cases, the user will have been redirected before even
+ * hitting this page (see hook_init implementation). But as a stop gap
+ * just redirect to the homepage.
  */
-function cas_login_page($cas_first_login = FALSE) {
-  global $user;
-  $destination = '';
-  $query = array();
-  // If it is the user's first CAS login and initial login redirection is enabled, go to the set page
-  if ($cas_first_login && variable_get('cas_first_login_destination', '')) {
-    $destination = variable_get('cas_first_login_destination', '');
-    if (isset($_GET['destination']))
-      $query['destination'] = $_GET['destination'];
-    unset($_GET['destination']);
-  }
-
-  // Respect the query string, if transmitted.
-  drupal_goto($destination, array('query' => $query));
+function cas_login_page() {
+  drupal_goto('');
 }
 
 /**
@@ -770,16 +752,11 @@ function cas_login_block($form) {
  *   authenticated, FALSE otherwise.
  */
 function _cas_allow_check_for_login() {
-  if (!variable_get('cas_check_first', 0)) {
+  if (variable_get('cas_check_frequency', CAS_CHECK_NEVER) == CAS_CHECK_NEVER) {
     // The user has disabled the feature.
     return FALSE;
   }
 
-  // Check to see if we already have.
-  if (!empty($_COOKIE['cas_login_checked'])) {
-    return FALSE;
-  }
-
   // Check to see if we've got a search bot.
   if (isset($_SERVER['HTTP_USER_AGENT'])) {
     $crawlers = array(
@@ -1306,3 +1283,30 @@ function cas_views_api() {
     'path' => drupal_get_path('module', 'cas') . '/includes/views',
   );
 }
+
+/**
+ * Redirect a user after they have logged into the website through CAS
+ *
+ * @param $cas_first_login - TRUE if this is the first time the CAS user
+ * logged into the site
+ */
+function _cas_redirect_after_login($cas_first_login) {
+  // With users first log in, we may want to redirect them to a special page if specified
+  if ($cas_first_login && variable_get('cas_first_login_destination', '')) {
+    $destination = variable_get('cas_first_login_destination', '');
+    drupal_goto($destination);
+  }
+  else {
+    // If we logged in thru forced authentication ('/cas'), then we don't
+    // want to redirect users to the homepage, or to wherever the current "destination"
+    // parameter points.
+    if (current_path() == 'cas') {
+      drupal_goto('');
+    }
+    // If they logged in thru the gateway feature, then just reload the current path
+    // and preserve any query string args that were set
+    else {
+      drupal_goto(current_path(), array('query' => drupal_get_query_parameters()));
+    }
+  }
+}
diff --git a/cas.test b/cas.test
index 5e5ff7d..0080ade 100644
--- a/cas.test
+++ b/cas.test
@@ -593,7 +593,7 @@ class CasLoginRedirectionTestCase extends CasTestHelper {
     variable_set('cas_first_login_destination', "node/$node->nid");
     $cas_name = $this->randomName();
     $account = $this->casLogin($cas_name);
-    $this->assertUrl("node/$node->nid", array('query' => array('destination' => '')));
+    $this->assertUrl("node/$node->nid");
     $this->drupalLogout();
 
     // The second login should not be redirected.
@@ -605,7 +605,7 @@ class CasLoginRedirectionTestCase extends CasTestHelper {
     // destination.
     $account = $this->casCreateUser();
     $this->casLogin($account);
-    $this->assertUrl("node/$node->nid", array('query' => array('destination' => '')));
+    $this->assertUrl("node/$node->nid");
     $this->drupalLogout();
 
     // The second login should not be redirected.
@@ -670,19 +670,31 @@ class CasGatewayTestCase extends CasTestHelper {
 
   function setUp() {
     parent::setUp();
-    variable_set('cas_check_first', TRUE);
   }
 
   /**
    * Test the CAS Gateway functionality of the user is not logged in.
    */
   function testCasGatewayLoggedOut() {
+    $node1 = $this->drupalCreateNode();
+
+    variable_set('cas_check_frequency', CAS_CHECK_ONCE);
     $this->drupalGet('');
-    $this->assertTrue($this->redirect_count > 1, 'Polled CAS server on first request.');
+    $this->assertTrue($this->redirect_count == 2, 'Polled CAS server on first request.');
     $this->drupalGet('');
     $this->assertEqual($this->redirect_count, 0, 'Did not poll CAS server on second request.');
-    $this->drupalGet('node');
+    $this->drupalGet('node/' . $node1->nid);
     $this->assertEqual($this->redirect_count, 0, 'Did not poll CAS server on third request.');
+    $this->assertFalse($this->loggedInUser);
+
+    variable_set('cas_check_frequency', CAS_CHECK_ALWAYS);
+    $this->drupalGet('');
+    $this->assertTrue($this->redirect_count == 2, 'Polled CAS server on first request');
+    $this->drupalGet('');
+    $this->assertTrue($this->redirect_count == 2, 'Polled CAS server on second request');
+    $this->drupalGet('node/' . $node1->nid);
+    $this->assertEqual($this->redirect_count == 2, 'Polled CAS server on third request');
+    $this->assertFalse($this->loggedInUser);
   }
 
   /**
@@ -694,7 +706,18 @@ class CasGatewayTestCase extends CasTestHelper {
     $account = $this->casCreateUser($cas_name);
     $this->setCasUser($cas_name);
 
-    $this->drupalGet('node');
+    variable_set('cas_check_frequency', CAS_CHECK_ONCE);
+    $this->drupalGet('');
+    $this->assertLoggedIn($account);
+    // Logging out should immediately log a user back in
+    $this->drupalGet('user/logout');
+    $this->assertLoggedIn($account);
+
+    variable_set('cas_check_frequency', CAS_CHECK_ALWAYS);
+    $this->drupalGet('');
+    $this->assertLoggedIn($account);
+    // Logging out should immediately log a user back in
+    $this->drupalGet('user/logout');
     $this->assertLoggedIn($account);
   }
 }
@@ -754,7 +777,7 @@ class CasRequiredLoginTestCase extends CasTestHelper {
     $account = $this->casCreateUser();
     $this->setCasUser($account);
 
-    variable_set('cas_check_first', TRUE);
+    variable_set('cas_check_frequency', CAS_CHECK_ONCE);
     variable_set('cas_exclude', "node/$node->nid");
 
     // Visit an excluded page and ensure we did not try to log in.