Url skip second querystring parameter in HttpContext.Current.Request.Url.AbsoluteUri

Question

I have a class which i inherit to all pages to check if session timeouts then redirect to login page here is the code

public class WMUserBase:System.Web.UI.Page
{
    public WMUserBase()
    {

    }
    protected override void OnLoad(System.EventArgs e)
    {
        CheckSecurity();
        base.OnLoad(e);
    }
    public virtual void CheckSecurity()
    {
        if (Session["WMuserId"] == null || Session["WMuserId"].ToString() == "")
        {
            Response.Redirect("Login.aspx?ReturnUrl=" + HttpContext.Current.Request.Url.AbsoluteUri);
        }
    }
}

Every page inherit this class and if session timeouts then page is redirected to login page now i used
Response.Redirect("Login.aspx?ReturnUrl=" + HttpContext.Current.Request.Url.AbsoluteUri); but if my querystring has two parameters for eg http://localhost/mala3ibnav2/WeeklyManager/TeamSetup.aspx?Gid=MTQ=&Mid=Mg== in AbsoluteUril &Mid=Mg== is sometimes skipped not always.
Here is the code for Login Page login button click event

 if(string.IsNullOrEmpty(ReturnUrl))
                {
                    Response.Redirect("Default.aspx");
                }
                else
                {
                    Response.Redirect(ReturnUrl);
                }

Now why second parameter is skipped in querystring and what else should I is use instead of HttpContext.Current.Request.Url.AbsoluteUri

Answer 1

You must encode url:

Response.Redirect("Login.aspx?ReturnUrl=" + HttpUtility.UrlEncode(HttpContext.Current.Request.Url.AbsoluteUri));

If you are using forms autentication, you can set authentication timeout to one minute less than your session timeout. Then you don't have to code this by yourself, because ASP.NET will redirect user to login page automatically after the timeout has expired.