Redirect to login page when Forbidden happens with anonymous user

tailbone/views/auth.py

@@ -81,14 +81,16 @@ class AuthenticationView(View):
         This is triggered whenever access is not allowed for an otherwise
         appropriate view.
         """
+        next_url = self.request.get_referrer()
         msg = literal("You do not have permission to do that.")
         if not self.request.authenticated_userid:
             msg += literal("  (Perhaps you should %s?)" %
                            tags.link_to("log in", self.request.route_url('login')))
             # Store current URL in session, for smarter redirect after login.
             self.request.session['next_url'] = self.request.current_route_url()
+            next_url = self.request.route_url('login')
         self.request.session.flash(msg, allow_duplicate=False)
-        return self.redirect(self.request.get_referrer())
+        return self.redirect(next_url)
 
     def login(self, mobile=False):
         """