[#7759] after pwd recovery, don't let login page send user back to pwd recovery form (referrer)
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index fca553c..e160535 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -168,7 +168,7 @@
user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
h.auditlog_user('Password changed (through recovery process)', user=user)
flash('Password changed')
- redirect('/auth/')
+ redirect('/auth/?return_to=/') # otherwise the default return_to would be the forgotten_password referrer page
@expose()
@require_post()