Ben,
I think we need to change the existing code which does something like:
response.sendRedirect(x)
to
response.sendRedirect(response.encodeRedirectURL(x))
The existing code is not going to work properly for people who have
turned off cookies, or environments (like some Mobile phones)
Have you considered providing XACML and RBAC support in Acegi?
I did look at similar standards during the design phase of Acegi. Not all of
them, but certainly quite a few.
I ended up going with a solution that would fit our internal needs but be
reasonably extensible/pluggable. I'd certainly