diff --git a/framework/auth/views.py b/framework/auth/views.py
index 0338654fac3..f3263f7a6ba 100644
--- a/framework/auth/views.py
+++ b/framework/auth/views.py
@@ -382,11 +382,20 @@ def login_and_register_handler(auth, login=True, campaign=None, next_url=None, l
         elif auth.logged_in:
             # if user is already logged in, redirect to `next_url`
             data['status_code'] = http_status.HTTP_302_FOUND
-            data['next_url'] = next_url
+            data['next_url'] = (
+                next_url.replace('5000', '4200')
+                if 'localhost' in settings.DOMAIN
+                else next_url
+            )
         elif login:
             # `/login?next=next_url`: go to CAS login page with current request url as service url
             data['status_code'] = http_status.HTTP_302_FOUND
-            data['next_url'] = cas.get_login_url(request.url)
+            cas_login_url = cas.get_login_url(request.url)
+            data['next_url'] = (
+                cas_login_url.replace('5000', '4200')
+                if 'localhost' in settings.DOMAIN
+                else cas_login_url
+            )
         else:
             # `/register?next=next_url`: land on OSF register page with request url as next url
             data['status_code'] = http_status.HTTP_200_OK
diff --git a/tests/test_auth_views.py b/tests/test_auth_views.py
index 8e8cc5fafb1..8f261bf0165 100644
--- a/tests/test_auth_views.py
+++ b/tests/test_auth_views.py
@@ -582,20 +582,20 @@ def test_next_url_login_with_auth(self):
         # next_url login: user with auth
         data = login_and_register_handler(self.auth, next_url=self.next_url)
         assert data.get('status_code') == http_status.HTTP_302_FOUND
-        assert data.get('next_url') == self.next_url
+        assert data.get('next_url') == self.next_url.replace('5000', '4200')
 
     def test_next_url_login_without_auth(self):
         # login: user without auth
         request.url = web_url_for('auth_login', next=self.next_url, _absolute=True)
         data = login_and_register_handler(self.no_auth, next_url=self.next_url)
         assert data.get('status_code') == http_status.HTTP_302_FOUND
-        assert data.get('next_url') == cas.get_login_url(request.url)
+        assert data.get('next_url') == cas.get_login_url(request.url).replace('5000', '4200')
 
     def test_next_url_register_with_auth(self):
         # register: user with auth
         data = login_and_register_handler(self.auth, login=False, next_url=self.next_url)
         assert data.get('status_code') == http_status.HTTP_302_FOUND
-        assert data.get('next_url') == self.next_url
+        assert data.get('next_url') == self.next_url.replace('5000', '4200')
 
     def test_next_url_register_without_auth(self):
         # register: user without auth