Redirect Issue

The basic idea is that before you redirect to the login page, you stash away request.request_uri somewhere. (The session object is handy, or you can put it in a hidden field in the login form).

Then, when they've successfully authenticated, grab the saved uri and redirect to there. (You'll need some kind of default place to go in case they don't come to the login page via a redirect.)

I suggest you look at acts_as_authenticated ( It provides this capability built in. If nothing else, you can look at his code and see how it's done.