penders - 12:49 pm on Feb 10, 2012 (gmt 0)
Isn't referer disabled for POST requests?
The referer should be saved in the session before the POST request, when the login form is first displayed. And should not be overwritten if the referer is blank (the page is refreshed etc.)
But yes, this is not ideal. The referer could be blank in the beginning, so you would have no choice but to be redirected to the index page on success in this instance.
An alternative would be to store the current URL before being redirected to the login page rather than checking the referer on the login page. This would probably be the better approach.