diff --git a/VERSION b/VERSION
index 2139e39c..08ff8f13 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.2.1 (2012-11-08 16:19:37) stable
+Version 2.2.1 (2012-11-09 14:11:30) stable
diff --git a/gluon/tools.py b/gluon/tools.py
index 12f20b80..af1356d7 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -1828,14 +1828,15 @@ class Auth(object):
                              created_on=request.now,
                              renew=interactivelogin)
             service = session._cas_service
+            query_sep = '&' if '?' in service else '?'
             del session._cas_service
             if 'warn' in request.vars and not interactivelogin:
                 response.headers[
-                    'refresh'] = "5;URL=%s" % service + "?ticket=" + ticket
+                    'refresh'] = "5;URL=%s" % service + query_sep + "ticket=" + ticket
                 return A("Continue to %s" % service,
-                         _href=service + "?ticket=" + ticket)
+                         _href=service + query_sep + "ticket=" + ticket)
             else:
-                redirect(service + "?ticket=" + ticket)
+                redirect(service + query_sep + "ticket=" + ticket)
         if self.is_logged_in() and not 'renew' in request.vars:
             return allow_access()
         elif not self.is_logged_in() and 'gateway' in request.vars: