In your user authentication server behavior on the login page you should have two options to help you with this, they are 'pass original query string on redirect' and 'Go to previous URL'.
These should help with this, if you find that the query string variable is lost when the user is redirected to the login page you can also try something else. In your access page manager where you are specifying to redirect to the login page you can add in a URL parameter here, and set it to the query string value that is present when the user visits the restricted page using the lightning bolt.