diff --git a/vnc_auto.html b/vnc_auto.html
index af4b10a4..ac33b96e 100644
--- a/vnc_auto.html
+++ b/vnc_auto.html
@@ -188,7 +188,7 @@
             var xvpbuttons;
             xvpbuttons = $D('noVNC_xvp_buttons');
             if (ver >= 1) {
-                xvpbuttons.style.display = 'inline';yakpal.setClipboard
+                xvpbuttons.style.display = 'inline';
             } else {
                 xvpbuttons.style.display = 'none';
             }
@@ -196,7 +196,7 @@
 
         function onClipboard(rfb, text){
             $D('copyBox').value = text
-            if(window.yakpal && window.yakpal.setClipboard){
+            if(window['yakpal'] && window.yakpal.setClipboard){
                 yakpal.setClipboard(text);
             }
         }
@@ -204,6 +204,19 @@
         window.onscriptsload = function () {
             var host, port, password, path, token, lastClipboard;
 
+            // Expire any old (>4h) entries from localStorage
+            Object.keys(localStorage)
+                  .filter((x)=>x.indexOf('coyote-url-') === 0)
+                  .map((x)=>[x, JSON.parse(localStorage.getItem(x))])
+                  .filter((x)=>!x[1].timestamp || (new Date() - new Date(x[1].timestamp)) > 1000 * 3600 * 4)
+                  .map((x)=>localStorage.removeItem(x[0]));
+
+            // If we have an RID, try to load the real URL from session storage
+            var rid = WebUtil.getConfigVar('rid', '');
+            var url = localStorage.getItem('coyote-url-' + rid);
+            if (rid && url)
+                window.history.replaceState({}, document.title, url.url);
+
             //$D('sendCtrlAltDelButton').style.display = "inline";
             //$D('sendCtrlAltDelButton').onclick = sendCtrlAltDel;
             //$D('xvpShutdownButton').onclick = xvpShutdown;
@@ -220,7 +233,7 @@
             $D('copyBox').addEventListener('paste', updateClipboard);
 
             setInterval(function(){
-                if(!window.yakpal || !window.yakpal.getClipboard) return;
+                if(!window['yakpal'] || !window.yakpal.getClipboard) return;
                 //hide use-yakpal if they have it
                 try{
                     document.getElementById('use-yakpal').style.display = 'none';
@@ -296,8 +309,15 @@
             elm.style.display = '';
 
             // Scrub the query params from the URL so that it can be safely copy/pasted
+            // However, to support F5 or Ctrl-Shift-T, save the real URL in localstorage
+            // under a magic ID. The credentials are only valid for ~30 minutes after
+            // the user disconnects anyway, so this isn't a huge security issue.
             console.log("Pushing new URL. Original: " + window.location.href);
-            window.history.replaceState({}, document.title, window.location.pathname);
+            if (!rid) {
+                rid = ("" + Math.random()).replace("0.", "");
+            }
+            localStorage.setItem("coyote-url-" + rid, JSON.stringify({url: window.location.href, timestamp: new Date()}));
+            window.history.replaceState({}, document.title, window.location.pathname + "?rid=" + rid);
 
             rfb.connect(host, port, password, path);
         };