Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/LoginRequestValve.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/LoginRequestValve.java,v
diff -u -r1.7 -r1.8
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/LoginRequestValve.java	21 Aug 2011 07:03:13 -0000	1.7
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/LoginRequestValve.java	10 Oct 2011 06:17:44 -0000	1.8
@@ -69,11 +69,10 @@
 		// invoke next valve,
 		// so we can get internal session and manager
 		getNext().invoke(request, response);
-		
+
 		// when coming back from LoginRequest save the redirect to catalina
 		// internal session
-		// temporarily override security for MindApp integration purposes
-		if (hreq.getRequestURI().endsWith(LOGIN_REQUEST) || response.getHeader("mindappLogin") != null) {
+		if (hreq.getRequestURI().endsWith(LOGIN_REQUEST)) {
 			// Looking at response header to determine redirect location
 			boolean isLoginSuccessful = false;
 			String[] headerNames = response.getHeaderNames();
@@ -90,7 +89,6 @@
 				}
 			}
 
-
 			// if login request is successful then it will redirected the page
 			// to j_security_check otherwise it's unsuccessful.
 			if (!isLoginSuccessful) {
@@ -100,18 +98,16 @@
 				HttpSession hses = hreq.getSession(false);
 				log.debug("Session Id - " + hses.getId());
 				String userid = hreq.getParameter(PARAM_USERID);
-				if (userid == null){
-				    userid = response.getHeader("mindappLogin");
-				}
-
-				// get the redirect url from RequestDispatcher
-				// The RequestDispatcher also setup any session variable
-				// required to carryout the method
 				
-				String redirect = response.getHeader("mindappRedirect");
-				if (redirect == null) {
-				   redirect = LoginRequestDispatcher.getRequestURL(hreq);
-				}
+                		// get the location from an explicit parameter
+                		String redirect = hreq.getParameter("redirectURL");
+                		if (redirect == null) {
+                		    // get the redirect url from RequestDispatcher
+                		    // The RequestDispatcher also setup any session variable
+                		    // required to carryout the method
+                		    redirect = LoginRequestDispatcher.getRequestURL(hreq);
+                		}
+
 				// check required parameters
 				if (userid != null && redirect != null && hses != null) {
 					log.info("LOGIN REQUEST DETECTED - LOGIN SUCCESSFUL");