I read the following article on 4guys: http://www.4guysfromrolla.com/webtech/050499-1.shtml and tried to implement a similar security model on my site. Whenever a user tries to directly access a url without logging in, they are correctly re-routed to the logon screen. The problem is that once they login, the pages passes a url looking something like this: http://servername/%252Fit%252FDefault%252Easp when it should be http://servername/test.asp. I'm using virtually the EXACT code from this article, so I'm a bit confused. Can anyone point me in the right direction?