[session] do not clean the after_url session attribute

The attribute is still used by the AccessError exceptions to store the
continuation URL when redirecting to the login page.

authentic/sessions.py

@@ -86,7 +86,7 @@ class BasicSession(Session, CaptchaSession, StorableObject):
     def set_service(self, value):
         self._service = value
 
-    _not_cleaned = ('_service')
+    _not_cleaned = ('_service','after_url')
     _to_remove = ('login_tokens')
 
     def clean_data(self):