diff --git a/wp-admin/install.php b/wp-admin/install.php
index 2403982046..80b7fbf1f5 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -330,7 +330,6 @@ switch($step) {
 
 		$scripts_to_print[] = 'user-profile';
 
-		display_header();
 		// Fill in the data we gathered
 		$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
 		$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
@@ -343,21 +342,26 @@ switch($step) {
 		$error = false;
 		if ( empty( $user_name ) ) {
 			// TODO: poka-yoke
+			display_header();
 			display_setup_form( __( 'Please provide a valid username.' ) );
 			$error = true;
 		} elseif ( $user_name != sanitize_user( $user_name, true ) ) {
+			display_header();
 			display_setup_form( __( 'The username you provided has invalid characters.' ) );
 			$error = true;
 		} elseif ( $admin_password != $admin_password_check ) {
 			// TODO: poka-yoke
+			display_header();
 			display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
 			$error = true;
 		} elseif ( empty( $admin_email ) ) {
 			// TODO: poka-yoke
+			display_header();
 			display_setup_form( __( 'You must provide an email address.' ) );
 			$error = true;
 		} elseif ( ! is_email( $admin_email ) ) {
 			// TODO: poka-yoke
+			display_header();
 			display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
 			$error = true;
 		}
@@ -365,6 +369,16 @@ switch($step) {
 		if ( $error === false ) {
 			$wpdb->show_errors();
 			$result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
+
+			// Log the user in and send them to wp-admin:
+			if ( ! headers_sent() ) {
+				wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
+				wp_redirect( admin_url() );
+				exit;
+			}
+
+			// If headers have already been sent, fall back to a "Success!" message:
+			display_header();
 ?>
 
 <h1><?php _e( 'Success!' ); ?></h1>
diff --git a/wp-includes/default-constants.php b/wp-includes/default-constants.php
index 2aa3430ec5..a269144819 100644
--- a/wp-includes/default-constants.php
+++ b/wp-includes/default-constants.php
@@ -205,7 +205,7 @@ function wp_cookie_constants() {
 		if ( $siteurl )
 			define( 'COOKIEHASH', md5( $siteurl ) );
 		else
-			define( 'COOKIEHASH', '' );
+			define( 'COOKIEHASH', md5( wp_guess_url() ) );
 	}
 
 	/**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index ea3a9d8990..65ab890c97 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-alpha-38618';
+$wp_version = '4.7-alpha-38619';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.