Message5702
Hi all:

I think I have improved this situation.

At this point any login attempt will keep the user on the page where
they filled in the login form. If the login is invalid, it will pop up
a message reporting an invalid login and keep you on the same page.
If you log out and then log in again, you will end up on the page you
were on before you logged out. Logout sends you to an index page (so
you aren't accidentally left on a page you think you can edit), but it
will keep the __came_from value for the page before the logout.

To make this work I have template patches and some code changes for
the LoginAction. The templates need to be patched with:

  <input type="hidden" name="__came_from"
         tal:condition="exists:request/env/QUERY_STRING"
         tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
  <input type="hidden" name="__came_from"
         tal:condition="not:exists:request/env/QUERY_STRING"
         tal:attributes="value string:${request/base}${request/env/PATH_INFO}">

which replaces the current tal that sets __came_from. Also the login
form action needs to be request/base or some other safe endpoint that
will not send query arguments (so # is right out).

In addition you need my patches to cgi/actions.py to:

  * make login after a logout work (the code patch removes
    @action=logout from __came_from rather than the ugly tal I posted
    prior in this issue)
  * redirection on login failure

I am going to do some more manual testing to augment the 6 or so
additions to the test suite then check my changes in.

Does anybody want to review/test my changes?
-- rouilj
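
The @action=logout removal described in this message, sketched as a stand-alone Python function. This is an added example, not the cgi/actions.py patch itself; clean_came_from, BASE and the check that the value starts with the tracker base are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed tracker base URL for this example (hypothetical).
BASE = "https://tracker.example.org/demo/"


def clean_came_from(came_from, base=BASE):
    """Return the redirect target to use after a login attempt.

    Drops @action=logout so that logging in does not immediately log the
    user out again, keeps every other query argument, and falls back to
    base when the value was not built from base as the template does.
    """
    if not came_from:
        return base
    target = urlsplit(came_from)
    root = urlsplit(base)
    # The template emits request/base + PATH_INFO, so scheme, host and
    # path prefix must match base (assumed check, not from the message).
    if (target.scheme, target.netloc) != (root.scheme, root.netloc):
        return base
    if not target.path.startswith(root.path):
        return base
    # keep_blank_values preserves arguments that carry an empty value.
    pairs = parse_qsl(target.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if (k, v) != ("@action", "logout")]
    # safe="@:" leaves "@name" style keys unescaped in the rebuilt URL.
    query = urlencode(kept, safe="@:")
    # The fragment is dropped; it is never sent to the server.
    return urlunsplit((target.scheme, target.netloc, target.path, query, ""))
```
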
Date | User | Action | Args
2016-07-02 01:42:55 | rouilj | set | messageid: <1467423775.06.0.364951278236.issue2550785@psf.upfronthosting.co.za>
2016-07-02 01:42:55 | rouilj | set | recipients: + rouilj, ber, ezio.melotti
2016-07-02 01:42:55 | rouilj | link | issue2550785 messages
2016-07-02 01:42:54 | rouilj | create |