Index: filters/apache/mod_cosign.c
===================================================================
RCS file: /cvsroot/cosign/cosign/filters/apache/mod_cosign.c,v
retrieving revision 1.79
diff -u -r1.79 mod_cosign.c
--- filters/apache/mod_cosign.c	13 Nov 2007 03:14:52 -0000	1.79
+++ filters/apache/mod_cosign.c	30 Jan 2008 23:36:03 -0000
@@ -109,6 +109,7 @@
     int			i;
     unsigned int	port;
     struct timeval	now;
+    request_rec		*parent;
 
     /* if they've posted, let them know they are out of luck */
     if ( r->method_number == M_POST ) {
@@ -145,6 +146,15 @@
 
     ap_table_set( r->err_headers_out, "Set-Cookie", full_cookie );
 
+    /* If we're an internal redirect, then we want to send the cosign
+     * server the URL that the user asked for, rather than the one we've
+     * been redirected to.
+     */
+    parent = r;
+    while (parent->prev) {
+        parent = parent->prev;
+    }
+
     if ( cfg->siteentry != NULL && strcasecmp( cfg->siteentry, "none" ) != 0 ) {
 	ref = cfg->siteentry;
     } else {
@@ -153,20 +163,20 @@
 	    if ((( port = ap_get_server_port( r )) == 80 ) ||
 		    ( cfg->noappendport == 1 )) {
 		ref = ap_psprintf( r->pool, "http://%s%s", 
-			ap_get_server_name( r ), r->unparsed_uri );
+			ap_get_server_name( r ), parent->unparsed_uri );
 	    } else {
 		ref = ap_psprintf( r->pool, "http://%s:%d%s", 
-			ap_get_server_name( r ), port, r->unparsed_uri );
+			ap_get_server_name( r ), port, parent->unparsed_uri );
 	    }
 	/* live securely, redirecting to https */
 	} else {
 	    if ((( port = ap_get_server_port( r )) == 443 ) ||
 		    ( cfg->noappendport == 1 )) {
 		ref = ap_psprintf( r->pool, "https://%s%s", 
-			ap_get_server_name( r ), r->unparsed_uri );
+			ap_get_server_name( r ), parent->unparsed_uri );
 	    } else {
 		ref = ap_psprintf( r->pool, "https://%s:%d%s", 
-			ap_get_server_name( r ), port, r->unparsed_uri );
+			ap_get_server_name( r ), port, parent->unparsed_uri );
 	    }
 	}
     }