Refactor ApplicationController#redirect_to_login_if_required to use session for SSO

app/controllers/application_controller.rb

@@ -413,17 +413,22 @@ class ApplicationController < ActionController::Base
       raise Discourse::InvalidAccess.new unless current_user && current_user.staff?
     end
 
+    def destination_url
+      request.original_url unless request.original_url =~ /uploads/
+    end
+
     def redirect_to_login_if_required
       return if current_user || (request.format.json? && api_key_valid?)
 
-      # save original URL in a cookie
-      cookies[:destination_url] = request.original_url unless request.original_url =~ /uploads/
-
       # redirect user to the SSO page if we need to log in AND SSO is enabled
       if SiteSetting.login_required?
         if SiteSetting.enable_sso?
+          # save original URL in a session so we can redirect after login
+          session[:destination_url] = destination_url
           redirect_to path('/session/sso')
         else
+          # save original URL in a cookie (javascript redirects after login in this case)
+          cookies[:destination_url] = destination_url
           redirect_to :login
         end
       end

app/controllers/session_controller.rb

@@ -11,15 +11,15 @@ class SessionController < ApplicationController
   end
 
   def sso
-    if params[:return_path]
-      return_path = params[:return_path]
-    elsif cookies[:destination_url]
-      return_path = URI::parse(cookies[:destination_url]).path
+    return_path = if params[:return_path]
+      params[:return_path]
+    elsif session[:destination_url]
+      URI::parse(session[:destination_url]).path
     else
-      return_path = path('/')
+      path('/')
     end
 
-    if SiteSetting.enable_sso
+    if SiteSetting.enable_sso?
       redirect_to DiscourseSingleSignOn.generate_url(return_path)
     else
       render nothing: true, status: 404