This is obvious but bears repeating. I still silently curse every site that makes this mistake.
I've done my part to fix it, by the way. Here's the introduction to Section 6.5 in my book RailsSpace:
6.5 Friendly URL forwarding
There’s one final flourish we’d like to add to our basic login functionality. One of our
pet peeves is when we go to the front page of a site, click on a link for a protected
page, are prompted to log in, and then get forwarded back to the front page rather than
to the protected page we originally requested. This is lame, lame, lame. Obviously, the
site should remember the protected page we requested and then forward us there after
logging in. Let’s implement (and test) this feature, which we call “friendly forwarding.”
One thing is that often times you also care about the POST vars that got you to that page, so you need to somehow persist that as well, which is harder since you can't get a redirect to POST easily.
So the problem is (sometimes) harder than it appears.
The sites I've designed just do the login live on the page you needed it on, via AJAX, without actually redirecting you anywhere. Of course, each displayed page has to know both its guest and user state (and be able to transition between them), but that seems like the correct approach, anyway.
I've done my part to fix it, by the way. Here's the introduction to Section 6.5 in my book RailsSpace:
6.5 Friendly URL forwarding
There’s one final flourish we’d like to add to our basic login functionality. One of our pet peeves is when we go to the front page of a site, click on a link for a protected page, are prompted to log in, and then get forwarded back to the front page rather than to the protected page we originally requested. This is lame, lame, lame. Obviously, the site should remember the protected page we requested and then forward us there after logging in. Let’s implement (and test) this feature, which we call “friendly forwarding.”