Only redirect to referrer from public GitLab pages

app/controllers/sessions_controller.rb

 class SessionsController < Devise::SessionsController
   def new
-    redirect_url = if request.referer.present?
+    redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes')
                      referer_uri = URI(request.referer)
                      if referer_uri.host == Gitlab.config.gitlab.host
                        referer_uri.path
@@ -12,7 +12,11 @@ class SessionsController < Devise::SessionsController
                      request.fullpath
                    end
-    store_location_for(:redirect, redirect_url)
+    # Prevent a 'you are already signed in' message directly after signing:
+    # we should never redirect to '/users/sign_in' after signing in successfully.
+    unless redirect_path == '/users/sign_in'
+      store_location_for(:redirect, redirect_path)
+    end
     super
   end

app/views/layouts/_public_head_panel.html.haml

@@ -13,10 +13,10 @@
         %i.icon-reorder
       .pull-right.hidden-xs
-        = link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new'
+        = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in btn-new'
       .navbar-collapse.collapse
         %ul.nav.navbar-nav
           %li.visible-xs
-            = link_to "Sign in", new_session_path(:user)
+            = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes')