diff --git a/tests/form_pages/test_all.py b/tests/form_pages/test_all.py
index 6fd2dda72..85af08825 100644
--- a/tests/form_pages/test_all.py
+++ b/tests/form_pages/test_all.py
@@ -2062,6 +2062,41 @@ def test_form_tracking_code_email(pub, emails, nocache):
 assert resp.forms[1]['f0'].value == 'barfoo'
+def test_form_tracking_code_email_and_verification(pub, emails, nocache):
+ formdef = create_formdef()
+ formdef.fields = [
+ fields.StringField(id='0', label='string1', required=False),
+ fields.StringField(id='1', label='string2', required=False),
+ fields.DateField(id='2', label='date', required=False),
+ ]
+ formdef.enable_tracking_codes = True
+ formdef.tracking_code_verify_fields = ['0', '1', '2']
+ formdef.store()
+
+ app = get_app(pub)
+ resp = app.get('/test/')
+ resp.form['f0'] = 'barfoo'
+ # autosave will be made using javascript in real world
+ app.post('/test/autosave', params=resp.form.submit_fields())
+
+ tracking_code = get_displayed_tracking_code(resp)
+ assert tracking_code is not None
+
+ resp = app.get('/test/code/%s/' % tracking_code)
+ assert '

Keep your tracking code

' in resp.text
+ resp.forms[0]['email'] = 'foo@localhost'
+ resp = resp.forms[0].submit()
+ assert emails.get('Tracking Code reminder')
+ assert tracking_code in emails.get('Tracking Code reminder')['payload']
+ assert resp.location == 'http://example.net/test/code/%s/load' % tracking_code
+
+ # returns to the form, without verification: formdata is mine
+ resp = resp.follow()
+ resp = resp.follow()
+ resp = resp.follow()
+ assert resp.forms[1]['f0'].value == 'barfoo'
+
+
 def test_form_tracking_code_email_antibot(pub, emails, nocache):
 formdef = create_formdef()
 formdef.data_class().wipe()
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index 0f817d9ae..cc1cabfdc 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -191,6 +191,9 @@ class TrackingCodeDirectory(Directory):
 if get_request().is_from_bot():
 raise errors.AccessForbiddenError()
+ if formdata.is_submitter(get_request().user):
+ return redirect(formdata.get_url())
+
 verify_fields = []
 for field in formdata.formdef.fields:
 if field.id in (formdata.formdef.tracking_code_verify_fields or []):
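Review bot: test_form_tracking_code_email_and_verification exercises only the owner path, so nothing in it pins that the new shortcut in wcs/forms/root.py stays closed to a visitor who is not the submitter. With `tracking_code_verify_fields = ['0', '1', '2']` configured, I would add a second client (a fresh `get_app(pub)` with no prior session) that requests the same `/test/code/%s/load` URL and asserts it still gets the verification step, unless an existing test already covers that case. The three bare `resp.follow()` calls would also be easier to trust with an assertion on each intermediate `resp.location`.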
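Review bot: The early return added in TrackingCodeDirectory skips the `tracking_code_verify_fields` check entirely, so its safety rests on `formdata.is_submitter()` returning False whenever `get_request().user` is None and the current session does not own the formdata; that helper is not visible in this diff, so its behaviour for anonymous requests is worth confirming. I would state the intent above the check, e.g. `# the submitter already has access to this formdata; verify fields only guard access by someone who merely holds the code`. Placing the shortcut after the `is_from_bot()` guard looks right. The enclosing method starts and ends outside the hunk.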