If you are using custom code to validate user, ensure that it actually redirects to the Returnurl, if it is valid.
Example:
if (Membership.ValidateUser(userName.Text, password.Text))
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(userName.Text, false);
}
}
else
{
Response.Write("Invalid UserID and Password");
}
If this doesn't help, one would have to review your code.