Custom login forms can use a hidden `redirect_url` input field to specify the destination URL after the second factor authentication. Related to #276 and #222.
