diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index b5cdda8bc..5435862f6 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -367,7 +367,8 @@ class AuthComponent extends Component {
 		if (!empty($this->ajaxLogin)) {
 			$controller->response->statusCode(403);
 			$controller->viewPath = 'Elements';
-			echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
+			$response = $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
+			$response->send();
 			$this->_stop();
 			return false;
 		}
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index be974fd11..a0e8d284f 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
@@ -1155,6 +1155,38 @@ class AuthComponentTest extends CakeTestCase {
 		unset($_SERVER['HTTP_X_REQUESTED_WITH']);
 	}
 
+/**
+ * testAjaxLoginResponseCode
+ *
+ * @return void
+ */
+	public function testAjaxLoginResponseCode() {
+		App::build(array(
+			'View' => array(CAKE . 'Test' . DS . 'test_app' . DS . 'View' . DS)
+		));
+		$_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
+
+		$url = '/ajax_auth/add';
+		$this->Auth->request->addParams(Router::parse($url));
+		$this->Auth->request->query['url'] = ltrim($url, '/');
+		$this->Auth->request->base = '';
+		$this->Auth->ajaxLogin = 'test_element';
+
+		Router::setRequestInfo($this->Auth->request);
+
+		$this->Controller->response = $this->getMock('CakeResponse', array('_sendHeader'));
+		$this->Controller->response->expects($this->at(0))
+		->method('_sendHeader')
+		->with('HTTP/1.1 403 Forbidden', null);
+		$this->Auth->initialize($this->Controller);
+
+		$result = $this->Auth->startup($this->Controller);
+
+		$this->assertFalse($result);
+		$this->assertEquals('this is the test element', $this->Controller->response->body());
+		unset($_SERVER['HTTP_X_REQUESTED_WITH']);
+	}
+
 /**
  * testLoginActionRedirect method
  *