diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 000fb7c2a63..a826b4a0762 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -57,7 +57,7 @@ class Admin::UsersController < Admin::AdminController
   end
 
   def refresh_browsers
-    MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
+    refresh_browser @user
     render nothing: true
   end
 
@@ -131,6 +131,7 @@ class Admin::UsersController < Admin::AdminController
   def deactivate
     guardian.ensure_can_deactivate!(@user)
     @user.deactivate
+    refresh_browser @user
     render nothing: true
   end
 
@@ -182,4 +183,8 @@ class Admin::UsersController < Admin::AdminController
       @user = User.where(id: params[:user_id]).first
     end
 
+    def refresh_browser(user)
+      MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
+    end
+
 end
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 0533ac4ae2d..ef14ab1bc5f 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -82,7 +82,7 @@ class SessionController < ApplicationController
       return
     end
 
-    user.email_confirmed? ? login(user) : not_activated(user)
+    (user.active && user.email_confirmed?) ? login(user) : not_activated(user)
   end
 
   def forgot_password
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 4523e5d14b1..6752b45b099 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -27,7 +27,7 @@ class Auth::DefaultCurrentUserProvider
       current_user = User.where(auth_token: auth_token).first
     end
 
-    if current_user && current_user.suspended?
+    if current_user && (current_user.suspended? || !current_user.active)
       current_user = nil
     end
 
diff --git a/lib/guardian.rb b/lib/guardian.rb
index 73516697756..607e79deed4 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -134,7 +134,10 @@ class Guardian
   def can_approve?(target)
     is_staff? && target && not(target.approved?)
   end
-  alias :can_activate? :can_approve?
+
+  def can_activate?(target)
+    is_staff? && target && not(target.active?)
+  end
 
   def can_suspend?(user)
     user && is_staff? && user.regular?
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 2bc5e7426a3..a5d44e0443a 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -195,6 +195,14 @@ describe SessionController do
         end
       end
 
+      describe 'deactivated user' do
+        it 'should return an error' do
+          User.any_instance.stubs(:active).returns(false)
+          xhr :post, :create, login: user.username, password: 'myawesomepassword'
+          expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.not_activated'))
+        end
+      end
+
       describe 'success by username' do
         it 'logs in correctly' do
           xhr :post, :create, login: user.username, password: 'myawesomepassword'