diff --git a/lib/redmine_cas/account_controller_patch.rb b/lib/redmine_cas/account_controller_patch.rb
index ed9a24d..5fbc6cf 100644
--- a/lib/redmine_cas/account_controller_patch.rb
+++ b/lib/redmine_cas/account_controller_patch.rb
@@ -48,7 +48,24 @@ module RedmineCAS
 else
 self.logged_user = user
 end
- redirect_to url_for(params.merge(:ticket => nil))
+
+ # If a parameter :ref exists, redirect to :ref. This is a workaround for the
+ # usability problem I introduced trying to fix issue #9.
+ # https://github.com/ninech/redmine_cas/pull/13#issuecomment-53697288
+
+ if params.has_key?(:ref)
+ # do some basic validation on ref, to prevent a malicious link to redirect
+ # to another site.
+ new_url = params[:ref]
+ if /http(s)?:\/\/|@/ =~ new_url
+ # evil referrer!
+ redirect_to url_for(params.merge(:ticket => nil))
+ else
+ redirect_to request.base_url + params[:ref]
+ end
+ else
+ redirect_to url_for(params.merge(:ticket => nil))
+ end
 else
 # CASClient called redirect_to
 end
diff --git a/lib/redmine_cas/application_controller_patch.rb b/lib/redmine_cas/application_controller_patch.rb
index 484db28..b63eaca 100644
--- a/lib/redmine_cas/application_controller_patch.rb
+++ b/lib/redmine_cas/application_controller_patch.rb
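Review bot: The `/http(s)?:\/\/|@/ =~ new_url` check is not a sufficient guard for the `redirect_to request.base_url + params[:ref]` line: it only rejects values that contain a scheme or an `@`, while a `:ref` without a leading `/` is appended straight onto the host portion of `base_url`, so the resulting URL can still name a different host, and a non-String `:ref` (a nested parameter) would raise on the `+`. Since the value the other hunk sends is `request.fullpath`, which always begins with a single `/`, the safer check is to allow only that shape and treat everything else as the fallback case: `if new_url.is_a?(String) && new_url.start_with?('/') && !new_url.start_with?('//', '/\\')` followed by `redirect_to request.base_url + new_url`, else `redirect_to url_for(params.merge(:ticket => nil))`. Redirecting to `new_url` rather than re-reading `params[:ref]` also keeps the validated value and the redirected value identical. The enclosing method begins before this hunk.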
@@ -14,9 +14,12 @@ module RedmineCAS
 def require_login_with_cas
 return require_login_without_cas unless RedmineCAS.enabled?
 if !User.current.logged?
+ referrer = request.fullpath;
 respond_to do |format|
- format.html { redirect_to :controller => 'account', :action => 'cas' }
- format.atom { redirect_to :controller => 'account', :action => 'cas' }
+ # pass referer to cas action, to work around this problem:
+ # https://github.com/ninech/redmine_cas/pull/13#issuecomment-53697288
+ format.html { redirect_to :controller => 'account', :action => 'cas', :ref => referrer }
+ format.atom { redirect_to :controller => 'account', :action => 'cas', :ref => referrer }
 format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
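Review bot: `referrer = request.fullpath;` carries a stray trailing semicolon that no other line in the hunk uses; write it as `referrer = request.fullpath`. The comment above the new `format.html`/`format.atom` lines spells the value `referer` while the variable is `referrer`; using one spelling in both, e.g. `# pass the referrer to the cas action, to work around this problem:`, avoids the reader wondering whether two different things are meant. Note that `request.fullpath` includes the query string, so the `:ref` value is passed through to the account controller's own validation and is worth keeping in sync with whatever shape that side accepts. The `respond_to` block and the method close outside this hunk.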