diff --git a/lib/controllers/login.js b/lib/controllers/login.js
index 0c932ba8..34b5ff46 100644
--- a/lib/controllers/login.js
+++ b/lib/controllers/login.js
@@ -81,10 +81,10 @@ module.exports = function (req, res, next) {
       },
       'text/html': function () {
         var nextUri = url.parse(req.query.next || '').path;
-        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + nextUri) : ''));
+        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));
 
         if (req.user && config.web.login.enabled) {
-          var nextUrl = nextUri || config.web.login.nextUri;
+          var nextUrl = nextUri || decodeURIComponent(config.web.login.nextUri);
           return res.redirect(302, nextUrl);
         }