diff --git a/apps/aqhome-cgi/modules/common/madmin.c b/apps/aqhome-cgi/modules/common/madmin.c index b67f382..ff27e1d 100644 --- a/apps/aqhome-cgi/modules/common/madmin.c +++ b/apps/aqhome-cgi/modules/common/madmin.c @@ -166,10 +166,8 @@ int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const if (strcasecmp(sLastPathElem, "index.html")==0) { if (AQH_ModService_GetUserPerms(m) & (AQH_MODADM_PERMS_ADMINUSERS | AQH_MODADM_PERMS_ADMINMODULES)) rv=_handleRqIndex(m, rq, dbuf); - else { - AQCGI_Request_SetResponseCode(rq, 403); - AQCGI_Request_SetResponseText(rq, "Forbidden"); - } + else + AQH_ModService_DenyRequest(m, rq, session, dbuf); } else { AQCGI_Request_SetResponseCode(rq, 404); diff --git a/apps/aqhome-cgi/modules/mroot.c b/apps/aqhome-cgi/modules/mroot.c index fff302e..4c72955 100644 --- a/apps/aqhome-cgi/modules/mroot.c +++ b/apps/aqhome-cgi/modules/mroot.c @@ -19,6 +19,7 @@ #include #include +#include @@ -27,6 +28,10 @@ * ------------------------------------------------------------------------------------------------ */ +#define AQH_SERVICE_SESSION_MAXAGE 86400 + + + /* ------------------------------------------------------------------------------------------------ * global vars * ------------------------------------------------------------------------------------------------ 
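Review bot: In the madmin.c hunk `AQH_ModService_DenyRequest` is called for its side effect only, while the sibling branch records `rv=_handleRqIndex(m, rq, dbuf)`; if DenyRequest reports a status (its declaration is not part of this diff), `rv=AQH_ModService_DenyRequest(m, rq, session, dbuf);` keeps the two branches consistent and lets a failure to write the denial reach the caller. The enclosing `_handleRequest` starts and ends outside the hunk.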
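Review bot: `AQH_SERVICE_SESSION_MAXAGE` is introduced as a private macro in mroot.c although its name describes a service-wide setting; it is only used here to fill the cookie's `max-age`, and nothing in this diff shows the server-side session store applying the same lifetime. If expiry is enforced elsewhere, moving the definition to a shared header so both sides read one value avoids the cookie outliving (or being dropped before) the session it names; a one-line comment such as `/* lifetime of the session cookie in seconds; keep in step with server-side session expiry */` would document the intent either way.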
@@ -41,8 +46,9 @@ static AQH_MODULE *_loadSubModule(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION static int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sLastPathElem); static int _handleRqIndex(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf); static int _handleRqLogin(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf); -static int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf); -static AQH_USER *_getAndCheckUser(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf); +static int _handleRqLoginGet(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf); +static int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq); +static AQH_USER *_getAndCheckUser(AQH_MODULE *m, AQCGI_REQUEST *rq); /* ------------------------------------------------------------------------------------------------ @@ -64,7 +70,7 @@ AQH_MODULE *AQH_ModRoot_new(AQH_SERVICE *sv, const char *baseFolder) -AQH_MODULE *_loadSubModule(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sModuleName) +AQH_MODULE *_loadSubModule(AQH_MODULE *m, GWEN_UNUSED AQCGI_REQUEST *rq, GWEN_UNUSED AQH_SESSION *session, const char *sModuleName) { AQH_SERVICE *sv; @@ -110,7 +116,7 @@ AQH_MODULE *_loadSubModule(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *sessio -int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sLastPathElem) +int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_UNUSED AQH_SESSION *session, const char *sLastPathElem) { GWEN_BUFFER *dbuf; 
@@ -160,9 +166,9 @@ int _handleRqIndex(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf)
 int _handleRqLogin(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf)
 {
   if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_GET)
-    AQH_ModService_RespondWithFile(m, rq, "en", "login.html", dbuf);
+    _handleRqLoginGet(m, rq, dbuf);
   else if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_POST)
-    _handleRqLoginPost(m, rq);
+    _handleRqLoginPost(m, rq);
   else {
     DBG_ERROR(NULL, "Invalid request method %d", AQCGI_Request_GetRequestMethod(rq));
     AQCGI_Request_SetResponseCode(rq, 405);
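Review bot: The int results of the new `_handleRqLoginGet` and `_handleRqLoginPost` calls are discarded, so a failed login (`_handleRqLoginPost` returns `GWEN_ERROR_GENERIC` when the user check fails, see the next hunk) is invisible to `_handleRqLogin` and to whatever it reports to. If `_handleRqLogin` returns a status of its own (its tail lies outside this hunk), `rv=_handleRqLoginGet(m, rq, dbuf);` and `rv=_handleRqLoginPost(m, rq);` with `rv` propagated would close that gap; if it does not, a comment stating that the helpers set the response themselves would at least make the dropped value deliberate.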
@@ -174,28 +180,47 @@ int _handleRqLogin(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) -int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) +int _handleRqLoginGet(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) +{ + GWEN_DB_NODE *dbQuery; + const char *sSrc; + GWEN_DB_NODE *dbVars; + int rv; + + dbVars=GWEN_DB_Group_new("vars"); + dbQuery=AQCGI_Request_GetDbQuery(rq); + sSrc=dbQuery?GWEN_DB_GetCharValue(dbQuery, "src", 0, NULL):NULL; + if (sSrc && *sSrc) + GWEN_DB_SetCharValue(dbVars, 0, "destination", sSrc); + + rv=AQH_ModService_RespondWithVarFile(m, rq, "en", "login.html", dbVars, dbuf); + GWEN_DB_Group_free(dbVars); + return rv; +} + + + +int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq) { AQH_SERVICE *sv; AQH_USER *user; AQH_SESSION *session; GWEN_BUFFER *tbuf; GWEN_TIMESTAMP *ts; + GWEN_DB_NODE *dbPost; + const char *s; int rv; DBG_ERROR(NULL, "Handling request"); sv=AQH_ModService_GetService(m); - user=_getAndCheckUser(m, rq, dbuf); + user=_getAndCheckUser(m, rq); if (user==NULL) { DBG_INFO(NULL, "here"); - AQCGI_Request_SetResponseCode(rq, 500); - AQCGI_Request_SetResponseText(rq, "Internal Error"); return GWEN_ERROR_GENERIC; } ts=GWEN_Timestamp_NowInLocalTime(); AQH_User_SetTimestampLastLogin(user, ts); - DBG_ERROR(NULL, "Saving user"); rv=AQH_Service_SaveUser(sv, user); if (rv<0) { DBG_ERROR(NULL, "Error saving user \"%s\"", AQH_User_GetAlias(user)); @@ -206,7 +231,6 @@ int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) } /* generate session */ - DBG_ERROR(NULL, "Generating session"); tbuf=GWEN_Buffer_new(0, 64, 0, 1); AQCGI_GenerateSessionId(tbuf); session=AQH_Session_new(); 
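Review bot: In `_handleRqLoginGet` the `src` query value is stored verbatim as the `destination` template variable, and nothing in this hunk shows `AQH_ModService_RespondWithVarFile` HTML-escaping substituted values; if it substitutes raw text, a request-controlled string is reflected into login.html, so either escape on substitution or apply the same leading-`/` restriction the POST side uses before storing it. Separately, the `user==NULL` branch of `_handleRqLoginPost` no longer sets any response code, and `_handleRqLogin` (hunk at -160) drops the returned `GWEN_ERROR_GENERIC`; unless `_getAndCheckUser` (body outside this diff, signature changed in the -243 hunk) now sets a status itself, a rejected login goes out with no response code at all. The `DBG_INFO(NULL, "here")` left in that branch says nothing about why the login was refused; `DBG_INFO(NULL, "Login rejected: user lookup or credential check failed");` would be more useful in the log. `_handleRqLoginPost` continues past the end of this hunk.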
@@ -227,14 +251,38 @@ int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) /* add Set-Cookie header */ tbuf=GWEN_Buffer_new(0, 256, 0, 1); - GWEN_Buffer_AppendArgs(tbuf, "Set-Cookie: session=%s; max-age=86400", AQH_Session_GetUid(session)); + GWEN_Buffer_AppendArgs(tbuf, "Set-Cookie: session=%s; max-age=%d", AQH_Session_GetUid(session), AQH_SERVICE_SESSION_MAXAGE); AQCGI_Request_AddResponseHeaderData(rq, GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); /* finish */ - AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html"); - AQCGI_Request_SetResponseCode(rq, 303); - AQCGI_Request_SetResponseText(rq, "See other"); + dbPost=AQCGI_Request_GetDbPostBody(rq); + s=dbPost?GWEN_DB_GetCharValue(dbPost, "dest", 0, NULL):NULL; + if (s && *s) { + GWEN_BUFFER *ubuf; + + ubuf=GWEN_Buffer_new(0, 128, 0, 1); + if (GWEN_Text_UnescapeToBufferTolerant(s, ubuf)>=0) { + const char *p; + + p=GWEN_Buffer_GetStart(ubuf); + if (*p=='/') + AQH_ModService_Redirect(rq, p); + else { + DBG_ERROR(NULL, "Destination does not start with \"/\", not using it [%s]", p); + AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html"); + AQCGI_Request_SetResponseCode(rq, 303); + AQCGI_Request_SetResponseText(rq, "See other"); + } + } + GWEN_Buffer_free(ubuf); + } + else { + AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html"); + AQCGI_Request_SetResponseCode(rq, 303); + AQCGI_Request_SetResponseText(rq, "See other"); + } + AQH_Session_free(session); AQH_User_free(user); @@ -243,7 +291,7 @@ int _handleRqLoginPost(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) -AQH_USER *_getAndCheckUser(AQH_MODULE *m, AQCGI_REQUEST *rq, GWEN_BUFFER *dbuf) +AQH_USER *_getAndCheckUser(AQH_MODULE *m, AQCGI_REQUEST *rq) { GWEN_DB_NODE *dbPost; diff --git a/apps/aqhome-cgi/modules/static/en/login.html b/apps/aqhome-cgi/modules/static/en/login.html index 1927e5b..543c838 100644 --- a/apps/aqhome-cgi/modules/static/en/login.html 
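Review bot: The leading-slash test in the new `dest` handling still admits values beginning with `//` (and `/\`), which browsers resolve as a scheme-relative URL to another host, so the check does not confine the post-login redirect to this site; and when `GWEN_Text_UnescapeToBufferTolerant` fails no branch sets a response, so that request finishes with neither a Location header nor a status code. The index.html fallback is also spelled out three times while the success path goes through `AQH_ModService_Redirect`; collecting it into one exit as below closes both gaps (the `redirected` flag needs an `int` declaration among the locals at the top of `_handleRqLoginPost`, which is outside this hunk). On the `Set-Cookie` line the session cookie carries only `max-age`; appending `; Path=/; HttpOnly; SameSite=Lax` (plus `Secure` when served over TLS) keeps the session id out of script reach and off cross-site requests. `_handleRqLoginPost` ends outside this hunk.
```c
  /* finish: redirect to the requested local path, otherwise to index.html */
  dbPost=AQCGI_Request_GetDbPostBody(rq);
  s=dbPost?GWEN_DB_GetCharValue(dbPost, "dest", 0, NULL):NULL;
  redirected=0;
  if (s && *s) {
    GWEN_BUFFER *ubuf;

    ubuf=GWEN_Buffer_new(0, 128, 0, 1);
    if (GWEN_Text_UnescapeToBufferTolerant(s, ubuf)>=0) {
      const char *p;

      p=GWEN_Buffer_GetStart(ubuf);
      /* a second "/" or a "\" right after the first would make this a scheme-relative URL (another host) */
      if (p[0]=='/' && p[1]!='/' && p[1]!='\\') {
        AQH_ModService_Redirect(rq, p);
        redirected=1;
      }
      else
        DBG_ERROR(NULL, "Destination is not a local absolute path, not using it [%s]", p);
    }
    else
      DBG_ERROR(NULL, "Could not unescape destination, not using it");
    GWEN_Buffer_free(ubuf);
  }
  if (!redirected) {
    AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html");
    AQCGI_Request_SetResponseCode(rq, 303);
    AQCGI_Request_SetResponseText(rq, "See other");
  }
  /* … unchanged: AQH_Session_free / AQH_User_free … */
```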
+++ b/apps/aqhome-cgi/modules/static/en/login.html @@ -4,6 +4,7 @@

Enter your login credentials

+ @@ -20,6 +21,4 @@

- - \ No newline at end of file