From e18807f8f8267b6f1ed4127484f649722827b3eb Mon Sep 17 00:00:00 2001
From: Joshua Laymon
Date: Sat, 10 Jan 2026 00:19:21 +0000
Subject: [PATCH] Update web/core/views.py
---
 web/core/views.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/web/core/views.py b/web/core/views.py
index 9cb7e20..29a5973 100644
--- a/web/core/views.py
+++ b/web/core/views.py
@@ -54,17 +54,21 @@ EXPECTED_HEADERS = [
 ]
 def login_view(request):
- # Already logged into Django
+ # If Django session already exists, go to app
 if request.user.is_authenticated:
 return redirect("search")
- # Auto-initiate OIDC only for direct /login access
- if request.method == "GET" and request.path == "/login/":
+ # Only auto-start OIDC if this is a fresh browser visit
+ # and NOT a redirect coming from Django itself
+ if (
+ request.method == "GET"
+ and "next" not in request.GET
+ ):
 return redirect("oidc_authentication_init")
+ # Fallback: show login page (rare, but prevents loops)
 ctx = {}
- # Optional local login fallback
 if request.method == "POST":
 u = request.POST.get("username")
 p = request.POST.get("password")
@@ -77,6 +81,7 @@ def login_view(request):
 return render(request, "login.html", ctx)
+
 def is_admin(user):
 return user.is_superuser or user.is_staff
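Review bot: The `"next" not in request.GET` test in the first hunk of `login_view` treats a query parameter as evidence that Django issued the redirect, but `next` is client-supplied, so any request can set it and the condition cannot separate the two cases the new comment describes. As written, every GET carrying `next` (which presumably includes the usual redirect from a protected view) skips OIDC and renders the local username/password form, which the removed comment described as an optional fallback. If local password login is meant to stay an exception path, gate it on an explicit server-side setting rather than on request data, and state the limitation in the comment, for example `# NOTE: "next" is client-controlled; it only selects the local form and proves nothing about the caller`. The POST branch continues outside this hunk, so whether `next` is later used as a redirect target is not visible; if it is, validate it with `url_has_allowed_host_and_scheme` before redirecting.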