auth: use consistent way of extracting came_from, and also sanitise it to remove...
auth: use consistent way of extracting came_from, and also sanitise it to remove
auth_token. This prevents a loop of redirection in case we get redirected to login
with this parameter.