The basic idea is that before you redirect to the login page, you
stash away request.request_uri somewhere. (The session object is
handy, or you can put it in a hidden field in the login form).
Then, when they've successfully authenticated, grab the saved uri and
redirect to there. (You'll need some kind of default place to go in
case they don't come to the login page via a redirect.)
I suggest you look at acts_as_authenticated
provides this capability built in. If nothing else, you can look at
his code and see how it's done.