https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #0)
However, all we need to do is save the current path in the user's session, and then recall it after the successful login.
No, not the current path, because that's the path to the API. We either need to save the path of the previous request, or we need to use the HTTP_REFERER, which is problematic since it's a user-provided HTTP header. We can validate the URL in the HTTP_REFERER, although if you initiated a login from "/cgi-bin/koha/opac-main.pl?logout.x=1" then you'd be redirected to a logout page. But we can't leave off the query string because sometimes you'd want to be redirected to "/cgi-bin/koha/opac-detail.pl?biblionumber=29" for instance. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.