diff --git a/DnsServerCore/WebServiceOtherZonesApi.cs b/DnsServerCore/WebServiceOtherZonesApi.cs
index 42fc336b..115743c8 100644
--- a/DnsServerCore/WebServiceOtherZonesApi.cs
+++ b/DnsServerCore/WebServiceOtherZonesApi.cs
@@ -19,6 +19,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 using DnsServerCore.Dns.Zones;
 using Newtonsoft.Json;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
@@ -53,7 +54,7 @@ namespace DnsServerCore
         {
             _dnsWebService.DnsServer.CacheZoneManager.Flush();
 
-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Cache was flushed.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Cache was flushed.");
         }
 
         public void ListCachedZones(HttpListenerRequest request, JsonTextWriter jsonWriter)
@@ -128,7 +129,7 @@ namespace DnsServerCore
                 throw new DnsWebServiceException("Parameter 'domain' missing.");
 
             if (_dnsWebService.DnsServer.CacheZoneManager.DeleteZone(domain))
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Cached zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Cached zone was deleted: " + domain);
         }
 
         #endregion
@@ -217,7 +218,8 @@ namespace DnsServerCore
             {
                 if (formPart.StartsWith("allowedZones="))
                 {
-                    string[] allowedZones = formPart.Substring(13).Split(',');
+                    string value = Uri.UnescapeDataString(formPart.Substring(13));
+                    string[] allowedZones = value.Split(',');
                     bool added = false;
 
                     foreach (string allowedZone in allowedZones)
@@ -228,7 +230,7 @@ namespace DnsServerCore
 
                     if (added)
                     {
-                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Total " + allowedZones.Length + " zones were imported into allowed zone successfully.");
+                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Total " + allowedZones.Length + " zones were imported into allowed zone successfully.");
                         _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
                     }
 
@@ -261,7 +263,7 @@ namespace DnsServerCore
 
             if (_dnsWebService.DnsServer.AllowedZoneManager.DeleteZone(domain))
             {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Allowed zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Allowed zone was deleted: " + domain);
                 _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
             }
         }
@@ -270,7 +272,7 @@ namespace DnsServerCore
         {
             _dnsWebService.DnsServer.AllowedZoneManager.Flush();
 
-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Allowed zone was flushed successfully.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Allowed zone was flushed successfully.");
             _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
         }
 
@@ -285,7 +287,7 @@ namespace DnsServerCore
 
             if (_dnsWebService.DnsServer.AllowedZoneManager.AllowZone(domain))
             {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Zone was allowed: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Zone was allowed: " + domain);
                 _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile();
             }
         }
@@ -376,7 +378,8 @@ namespace DnsServerCore
             {
                 if (formPart.StartsWith("blockedZones="))
                 {
-                    string[] blockedZones = formPart.Substring(13).Split(',');
+                    string value = Uri.UnescapeDataString(formPart.Substring(13));
+                    string[] blockedZones = value.Split(',');
                     bool added = false;
 
                     foreach (string blockedZone in blockedZones)
@@ -387,7 +390,7 @@ namespace DnsServerCore
 
                     if (added)
                     {
-                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Total " + blockedZones.Length + " zones were imported into blocked zone successfully.");
+                        _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Total " + blockedZones.Length + " zones were imported into blocked zone successfully.");
                         _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
                     }
 
@@ -420,7 +423,7 @@ namespace DnsServerCore
 
             if (_dnsWebService.DnsServer.BlockedZoneManager.DeleteZone(domain))
             {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Blocked zone was deleted: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Blocked zone was deleted: " + domain);
                 _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
             }
         }
@@ -429,7 +432,7 @@ namespace DnsServerCore
         {
             _dnsWebService.DnsServer.BlockedZoneManager.Flush();
 
-            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Blocked zone was flushed successfully.");
+            _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Blocked zone was flushed successfully.");
             _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
         }
 
@@ -444,7 +447,7 @@ namespace DnsServerCore
 
             if (_dnsWebService.DnsServer.BlockedZoneManager.BlockZone(domain))
             {
-                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).Username + "] Domain was added to blocked zone: " + domain);
+                _dnsWebService.Log.Write(DnsWebService.GetRequestRemoteEndPoint(request), "[" + _dnsWebService.GetSession(request).User.Username + "] Domain was added to blocked zone: " + domain);
                 _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile();
             }
         }