Login button should redirect to last page

[AetherUnbound]

I frequently run into a scenario where I'm on a page and want to log in. I click the login link, log in, and then get redirected back to the home page. It would be nice if I could go from page -> login -> back to page. This would probably require storing the previous page in the URL parameters of the login page.

[sea-kelp]

(Adding this here for reference: https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)

[sea-kelp]

Capturing some discussions about how to re-implement this safely:

• Require the next parameter to be POST-ed instead of passing it as a query variable
• Either keep a whitelist of permitted redirect urls or use urllib.parse to ensure the redirect url doesn't contain a scheme or hostname

Alternatively, if USE_SESSION_FOR_NEXT is True, the page is stored in the session under the key next.
https://flask-login.readthedocs.io/en/latest/#customizing-the-login-process