diff --git a/src/main/scala/app/ControllerBase.scala b/src/main/scala/app/ControllerBase.scala
index 98b3aca..9e644aa 100644
--- a/src/main/scala/app/ControllerBase.scala
+++ b/src/main/scala/app/ControllerBase.scala
@@ -3,7 +3,7 @@
 import _root_.util.Directory._
 import _root_.util.Implicits._
 import _root_.util.ControlUtil._
-import _root_.util.{FileUtil, Validations, Keys}
+import _root_.util.{StringUtil, FileUtil, Validations, Keys}
 import org.scalatra._
 import org.scalatra.json._
 import org.json4s._
@@ -38,7 +38,7 @@
 val account = httpRequest.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account]
 if(account == null){
 // Redirect to login form
- httpResponse.sendRedirect(context + "/signin?" + path)
+ httpResponse.sendRedirect(context + "/signin?" + StringUtil.urlEncode(path))
 } else if(account.isAdmin){
 // H2 Console (administrators only)
 chain.doFilter(request, response)
@@ -107,7 +107,7 @@
 if(request.getMethod.toUpperCase == "POST"){
 org.scalatra.Unauthorized(redirect("/signin"))
 } else {
- org.scalatra.Unauthorized(redirect("/signin?redirect=" + currentURL))
+ org.scalatra.Unauthorized(redirect("/signin?redirect=" + StringUtil.urlEncode(currentURL)))
 }
 }
 }
diff --git a/src/main/scala/app/SignInController.scala b/src/main/scala/app/SignInController.scala
index f920688..b6a43f0 100644
--- a/src/main/scala/app/SignInController.scala
+++ b/src/main/scala/app/SignInController.scala
@@ -48,7 +48,7 @@
 if(redirectUrl.replaceFirst("/$", "") == request.getContextPath){
 redirect("/")
 } else {
- redirect(urlEncode(redirectUrl).replaceAll("%2F", "/"))
+ redirect(redirectUrl)
 }
 }.getOrElse {
 redirect("/")
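Review bot: The redirect in the `@@ -38,7 +38,7 @@` hunk of ControllerBase.scala appends the encoded path straight after `?`, so it becomes a bare query string with no parameter name, while the other sign-in redirect in this file (hunk `@@ -107,7 +107,7 @@`) uses `redirect=`. If the sign-in handler reads the `redirect` parameter, which is not visible here, the user would not be returned to the requested page after logging in. Consider `httpResponse.sendRedirect(context + "/signin?redirect=" + StringUtil.urlEncode(path))`. The enclosing filter method starts outside the hunk.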
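Review bot: `redirect(redirectUrl)` in the `@@ -48,7 +48,7 @@` hunk of SignInController.scala now sends the browser to whatever `redirectUrl` holds, with no check that it points back into this application. The value's origin is outside the hunk, but the ControllerBase change builds it from a `redirect=` query parameter, so it is presumably client-supplied and an absolute or scheme-relative URL would turn the post-login redirect into an open redirect. The removed `urlEncode(...)` call appears to have masked part of this by percent-encoding the `:` of any scheme. Accept only local paths and fall back to the root otherwise, e.g. `if(redirectUrl.startsWith("/") && !redirectUrl.startsWith("//") && !redirectUrl.contains("\\")) redirect(redirectUrl) else redirect("/")`. The enclosing block starts and ends outside the hunk.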