From 83f1c96b7de3dbe84e72f0f53a434ca877d904c5 Mon Sep 17 00:00:00 2001
From: labkey-matthewb <matthewb@labkey.com>
Date: Thu, 19 Jun 2025 12:20:22 -0700
Subject: [PATCH] Don't change host:port in redirect after successful login

---
 core/src/org/labkey/core/login/LoginController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/org/labkey/core/login/LoginController.java b/core/src/org/labkey/core/login/LoginController.java
index 4114d563504..20b18988f0a 100644
--- a/core/src/org/labkey/core/login/LoginController.java
+++ b/core/src/org/labkey/core/login/LoginController.java
@@ -672,8 +672,8 @@ else if (form.getTermsOfUseType() == TermsOfUseType.SITE_WIDE)
                     response.put("approvedTermsOfUse", true);
                 }
 
-                // Use the full hostname in the URL if we have one, otherwise just go with a local URI
-                String redirectString = redirectUrl.getHost() != null && redirectUrl.getScheme() != null ? redirectUrl.getURIString() : redirectUrl.toString();
+                // Use relative path.  If the host in the URL changes then our session won't follow us, and we won't be logged in (that kinda defeats the purpose of this API)
+                String redirectString = redirectUrl.getLocalURIString();
 
                 if (null != user)
                 {