diff --git a/tailbone/subscribers.py b/tailbone/subscribers.py
index fb7c5d36..23e31f3b 100644
--- a/tailbone/subscribers.py
+++ b/tailbone/subscribers.py
@@ -117,11 +117,9 @@ def context_found(event):
         if request.session.get('referrer'):
             return request.session.pop('referrer')
         referrer = request.referrer
-        if not referrer or referrer == request.current_route_url():
-            if default:
-                referrer = default
-            else:
-                referrer = request.route_url('home')
+        if (not referrer or referrer == request.current_route_url()
+            or not referrer.startswith(request.host_url)):
+            referrer = default or request.route_url('home')
         return referrer
     request.get_referrer = get_referrer
 
diff --git a/tailbone/views/auth.py b/tailbone/views/auth.py
index aec51e01..cc03122f 100644
--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@@ -56,11 +56,7 @@ def forbidden(request):
         # Store current URL in session, for smarter redirect after login.
         request.session['next_url'] = request.current_route_url()
     request.session.flash(msg, allow_duplicate=False)
-
-    url = request.referer
-    if not url or url == request.current_route_url():
-        url = request.route_url('home')
-    return HTTPFound(location=url)
+    return HTTPFound(location=request.get_referrer())
 
 
 class UserLogin(formencode.Schema):