I’m using the Play Secure module and I would like to set the flash param ‘url’ to the value of the http referer header, if url is not already set, before Secure.login() executes so that upon success the browser is redirected back to the page that originally called login. Essentially defining a sensible default.

Ideally there would be a call back in Secure.login() that calls a method in a custom Security class (e.g. Security.onLogin()) where this logic could be placed. Unfortunately this callback doesn’t currently exist so a work around that I’m considering is to intercept the /login request before it is passed to Secure.login() through a route mapping declared before the Secure route mapping. Then execute the code to set the flash param to the referer header and then call Secure.login() and continue on as normal. However I don’t want my controller action handler to ‘redirect’ to Secure.login() just forward. Is this possible?