diff --git a/AUTHORS b/AUTHORS
index 980b591a..24dbdb86 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -58,3 +58,4 @@ reporting bugs, providing fixes, suggesting useful features or other:
 Aimoto Norihito
 Andy Lindeman
 Stefan Wachter
+ Paolo Battino
diff --git a/ChangeLog b/ChangeLog
index d0abd542..cfbf89e8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+01/22/2020
+- URL encode logout url in session management JS; thanks Paolo Battino
+- bump to 2.4.1rc5
+
 01/15/2020
 - add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.:
diff --git a/configure.ac b/configure.ac
index 90b5d79f..8864b999 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.1rc4],[hans.zandbelt@zmartzone.eu])
+AC_INIT([mod_auth_openidc],[2.4.1rc5],[hans.zandbelt@zmartzone.eu])
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 83c3a100..b7fb86c0 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -3254,7 +3254,7 @@ static int oidc_handle_session_management_iframe_rp(request_rec *r, oidc_cfg *c,
 " }\n"
 " } else {\n"
 " // either 'changed' + active session, or 'error': enforce a logout\n"
- " window.top.location.replace('%s?logout=' + window.top.location.href);\n"
+ " window.top.location.replace('%s?logout=' + encodeURIComponent(window.top.location.href));\n"
 " }\n"
 " }\n"
 " }\n"
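Review bot: On the changed `window.top.location.replace(...)` line only the right-hand operand is now encoded; the `%s` prefix is still formatted straight into a single-quoted JavaScript literal. The argument supplied for `%s` is outside this hunk (the function body starts and ends beyond it), so if that value can ever contain a quote, a backslash or `</script>` — for example a redirect URI assembled from request headers — it needs JavaScript-string escaping before it reaches the format call. I would record the assumption next to the format string, e.g. `/* %s lands inside a JS string literal: caller must pass a JS-escaped redirect URI */`. Separately, `'%s?logout='` assumes the redirect URI carries no query string of its own, and the `logout` value remains browser-controlled, so the handler that consumes it presumably still has to validate the target before redirecting.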