Fixed return_to when authorization gets lost.

app/controllers/application_controller.rb

@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
   helper_method :current_user
 
   def deny_access
-    self.return_to = request.original_url
+    session[:return_to] = request.original_url
     redirect_to login_url, :alert => 'Access denied!'
   end
 
@@ -33,7 +33,7 @@ class ApplicationController < ActionController::Base
     if !current_user
       # No user at all: redirect to login page.
       session[:user_id] = nil
-      session['return_to'] = request.fullpath
+      session[:return_to] = request.original_url
       redirect_to login_url, :alert => 'Authentication required!'
     else
       # We have an authenticated user, now check role...

app/controllers/sessions_controller.rb

@@ -11,7 +11,13 @@ class SessionsController < ApplicationController
     if user
       session[:user_id] = user.id
       session[:scope] = FoodsoftConfig.scope  # Save scope in session to not allow switching between foodcoops with one account
-      redirect_to session['return_to'] || root_url, :notice => "Logged in!"
+      if session[:return_to].present?
+        redirect_to_url = session[:return_to]
+        session[:return_to] = nil
+      else
+        redirect_to_url = root_url
+      end
+      redirect_to redirect_to_url, :notice => "Logged in!"
     else
       flash.now.alert = "Invalid email or password"
       render "new"