okay, finally got a working redirect vuln

app/controllers/sessions_controller.rb

@@ -4,28 +4,29 @@ class SessionsController < ApplicationController
   skip_before_filter :authenticated, :only => [:new, :create]
   
   def new
-    redirect_to home_dashboard_index_path if current_user
+      @url = params[:url]
+      redirect_to home_dashboard_index_path if current_user
   end
   
 
   def create
-     
+      path = params[:url].present? ? params[:url] : home_dashboard_index_path    
       begin
         # Normalize the email address, why not
         user = User.authenticate(params[:email].to_s.downcase, params[:password])
+       # @url = params[:url]
       rescue Exception => e
       end
       
       if user
         session[:user_id] = user.user_id if User.where(:user_id => user.user_id).exists?
-        redirect_to home_dashboard_index_path
+        redirect_to path
       else
         # Removed this code, just doesn't seem specific enough!
         #  flash[:error] = "Either your username and password is incorrect" 
         flash[:error] = e.message
         render "new"
-      end
-      
+      end         
   end
   
   def destroy