diff --git a/gluon/tools.py b/gluon/tools.py
index 7bfa4b7f..98e6bc02 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -1921,8 +1921,11 @@ class Auth(object):
 # Prevent an attacker from adding an arbitrary url after the
 # _next variable in the request.
 items = next.split('/')
- if '//' in next and items[2] != current.request.env.http_host:
- next = None
+ if next:
+ if next[0] != '/':
+ if '://' not in next or next.split('://')[1].split('/')[0] != current.request.env.http_host:
+ if ':' in next.split('/')[0]:
+ next = None
 return next
 
 def _get_user_id(self):
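Review bot: The rewritten guard in the added lines lets a protocol-relative target such as `//other-host/path` through, because every check is skipped as soon as `next[0]` is `'/'`, whereas the removed line's `'//' in next` test rejected exactly that form; a browser resolves `//host/...` as an absolute URL, so the redirect the comment above says is prevented is open again. A leading slash should only be accepted when it is not followed by a second one, e.g. change the branch to `if next[0] != '/' or next[:2] == '//':` and let the existing `next = None` path also cover the `//` case, or add `if next.startswith('//'): next = None` in front of it. The context line `items = next.split('/')` is now dead, since the new code no longer reads `items[2]`, and can be dropped. The enclosing method starts outside the hunk, so it cannot be checked here whether `next` can be `None` when `next.split('/')` runs on that line; the new `if next:` suggests an empty value is expected, but the split happens before that test.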