diff --git a/session/oauthctl.go b/session/oauthctl.go
index 684c5b6..11abb53 100644
--- a/session/oauthctl.go
+++ b/session/oauthctl.go
@@ -55,11 +55,9 @@ func RedirectGitHubHandler(w http.ResponseWriter, r *http.Request) {
clientId := data["clientId"].(string)
loginAuthURL := data["loginAuthURL"].(string)
- referer := r.URL.Query().Get("referer")
- if "" == referer || !strings.Contains(referer, "://") {
- referer = conf.Wide.Server + referer
- }
- state := util.Rand.String(16) + referer
+ state := r.URL.Query().Get("state")
+ referer := conf.Wide.Server + "__" + state
+ state = util.Rand.String(16) + referer
states[state] = state
path := loginAuthURL + "?client_id=" + clientId + "&state=" + state + "&scope=public_repo,read:user,user:follow"
http.Redirect(w, r, path, http.StatusSeeOther)
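Review bot: The caller-supplied value read by `state := r.URL.Query().Get("state")` is concatenated into the authorize URL unescaped at `"&state=" + state`, so a value containing `&`, `#` or whitespace can add or override query parameters on the request sent to the provider. Escape it where the path is built, e.g. `"&state=" + url.QueryEscape(state)`, or assemble the query with `url.Values`; this needs `net/url`, and the file's import block is not visible in this hunk. Because the random prefix is followed by `conf.Wide.Server`, the value already contains `://` before any user input is appended, so escaping is needed regardless of what the caller sends. The raw request value also becomes part of the key stored in `states`, so it would be worth bounding its length and character set first, and confirming that the map is guarded against concurrent handler writes, which cannot be seen from here. The body of `RedirectGitHubHandler` starts and ends outside the hunk.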
diff --git a/views/login.html b/views/login.html
index fc6b2af..9424d01 100644
--- a/views/login.html
+++ b/views/login.html
@@ -55,8 +55,7 @@