test_views.py
17.1 KB
Fix the sanitise_redirect_url function to handle an empty string properly. · a3e5bcc9
Revision 60 changed the behaviour so that empty URLs would be returned unchanged rather than rewriting to settings.LOGIN_REDIRECT_URL. This meant that login without a "next" parameter would end up redirecting back to the login_complete() view. Since the OpenID response had already been handled, this would look like a replay attack and the user would be presented with an error.
James Henstridge committed
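
The behaviour the commit message describes, as an added example that is not the project's own code: an empty or missing "next" value falls back to the default target instead of being returned unchanged. The example goes beyond the empty-string case and also rejects off-site targets; the `default` and `allowed_hosts` parameters and the `LOGIN_REDIRECT_URL` value are assumptions, with only the function name taken from the commit message.

```python
from urllib.parse import urlsplit

# Constructed stand-in for Django's settings.LOGIN_REDIRECT_URL (assumed value).
LOGIN_REDIRECT_URL = "/accounts/profile/"


def sanitise_redirect_url(redirect_to, default=LOGIN_REDIRECT_URL,
                          allowed_hosts=()):
    """Return a safe post-login target, falling back to `default`.

    Illustrative re-implementation: `default` and `allowed_hosts` are
    hypothetical parameters, not the project's signature.
    """
    # The case the commit fixes: a missing or empty "next" value must be
    # rewritten to the default, never returned unchanged.
    if not redirect_to or not redirect_to.strip():
        return default
    # Whitespace, control characters and backslashes are normalised
    # inconsistently by browsers, so treat them as invalid.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in redirect_to):
        return default
    try:
        parts = urlsplit(redirect_to)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: http(s) to an allowed host only.
        if parts.scheme not in ("", "http", "https"):
            return default
        if parts.hostname not in allowed_hosts:
            return default
        return redirect_to
    # Relative reference: require exactly one leading slash (a local path).
    if not redirect_to.startswith("/") or redirect_to.startswith("//"):
        return default
    return redirect_to
```
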