diff --git a/src/main/java/com/erudika/scoold/controllers/SigninController.java b/src/main/java/com/erudika/scoold/controllers/SigninController.java
index b2fef085..3a70865b 100755
--- a/src/main/java/com/erudika/scoold/controllers/SigninController.java
+++ b/src/main/java/com/erudika/scoold/controllers/SigninController.java
@@ -60,10 +60,10 @@ public SigninController(ScooldUtils utils) {
 public String get(@RequestParam(name = "returnto", required = false, defaultValue = HOMEPAGE) String returnto,
 HttpServletRequest req, HttpServletResponse res, Model model) {
 if (utils.isAuthenticated(req)) {
- return "redirect:" + (StringUtils.startsWithIgnoreCase(returnto, SIGNINLINK) ? HOMEPAGE : returnto);
+ return "redirect:" + (StringUtils.startsWithIgnoreCase(returnto, SIGNINLINK) ? HOMEPAGE : getBackToUrl(req));
 }
 if (!HOMEPAGE.equals(returnto) && !SIGNINLINK.equals(returnto)) {
- HttpUtils.setStateParam("returnto", Utils.urlEncode(returnto), req, res);
+ HttpUtils.setStateParam("returnto", Utils.urlEncode(getBackToUrl(req)), req, res);
 } else {
 HttpUtils.removeStateParam("returnto", req, res);
 }
diff --git a/src/main/java/com/erudika/scoold/utils/HttpUtils.java b/src/main/java/com/erudika/scoold/utils/HttpUtils.java
index 61f2f644..ffcb52c1 100644
--- a/src/main/java/com/erudika/scoold/utils/HttpUtils.java
+++ b/src/main/java/com/erudika/scoold/utils/HttpUtils.java
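Review bot: Both conditions in this hunk are still evaluated on the raw `returnto` parameter (`startsWithIgnoreCase(returnto, SIGNINLINK)` and `!HOMEPAGE.equals(returnto) && !SIGNINLINK.equals(returnto)`) while the value actually redirected to or re-stored is now `getBackToUrl(req)`, which per the second hunk prefers a previously stored `returnto` cookie over the current parameter, so the value that was checked and the value that is used can differ. A stale cookie holding the sign-in path would, for instance, pass the first check and could be redirected to again from this same controller. I would compute the sanitized value once, `String backTo = getBackToUrl(req);`, and run both conditions against `backTo` instead of `returnto`. How `getBackToUrl(req)` resolves in this controller (a static import of HttpUtils or a local wrapper) is not visible here, and the `get` method continues past the end of the hunk.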
@@ -306,6 +306,14 @@ public static void setAuthCookie(String jwt, HttpServletRequest req, HttpServlet
 */
 public static String getBackToUrl(HttpServletRequest req) {
 String backtoFromCookie = Utils.urlDecode(HttpUtils.getStateParam("returnto", req));
+ if (StringUtils.isBlank(backtoFromCookie)) {
+ backtoFromCookie = req.getParameter("returnto");
+ }
+ if ((StringUtils.startsWithIgnoreCase(backtoFromCookie, "http://") ||
+ StringUtils.startsWithIgnoreCase(backtoFromCookie, "https://")) &&
+ !StringUtils.startsWithIgnoreCase(backtoFromCookie, ScooldServer.getServerURL())) {
+ backtoFromCookie = "";
+ }
 return (StringUtils.isBlank(backtoFromCookie) ? HOMEPAGE : backtoFromCookie);
 }
 }
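Review bot: The new allow-list in getBackToUrl is a string-prefix comparison, so it still accepts targets such as `https://<server>@evil.example` or `https://<server>.evil.example` (both start with getServerURL() unless that value ends in a slash, which is not visible here), and it never examines protocol-relative targets like `//evil.example` or non-http schemes, because the `http://`/`https://` test skips everything else. Since the first hunk feeds this value straight into a `redirect:` view, each of those is an open redirect reachable from the sign-in page via the `returnto` query parameter that the new fallback now reads. I would replace the prefix check with a parse of both URLs through java.net.URI and accept only a relative path with no authority or an absolute URL whose scheme, host and port equal the server's, as sketched below; this needs `java.net.URI` and `java.net.URISyntaxException` imports at the top of HttpUtils. This presumably relies on ScooldServer.getServerURL() being a bare origin with no trailing path — worth confirming before merging.
```java
public static String getBackToUrl(HttpServletRequest req) {
	String backtoFromCookie = Utils.urlDecode(HttpUtils.getStateParam("returnto", req));
	if (StringUtils.isBlank(backtoFromCookie)) {
		backtoFromCookie = req.getParameter("returnto");
	}
	// Reject anything that would leave this site (open-redirect guard).
	if (!isLocalRedirect(backtoFromCookie)) {
		backtoFromCookie = "";
	}
	return (StringUtils.isBlank(backtoFromCookie) ? HOMEPAGE : backtoFromCookie);
}

// Accepts a relative path with no authority, or an absolute URL whose scheme, host and
// port equal the configured server URL; unparsable input and everything else is rejected.
private static boolean isLocalRedirect(String url) {
	if (StringUtils.isBlank(url)) {
		return false;
	}
	try {
		URI target = new URI(url.trim());
		if (target.getScheme() == null) {
			// "//evil.example" parses with a null scheme but a non-null authority.
			return target.getRawAuthority() == null;
		}
		URI self = new URI(ScooldServer.getServerURL());
		return StringUtils.equalsIgnoreCase(target.getScheme(), self.getScheme())
				&& target.getRawUserInfo() == null
				&& StringUtils.equalsIgnoreCase(target.getHost(), self.getHost())
				&& target.getPort() == self.getPort();
	} catch (URISyntaxException e) {
		return false; // backslashes and other illegal characters land here
	}
}
```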