how it works
When the ini is set, and when the login
page html is generated by the Domino Server the URL set in hidden Redirecto
field should have an extra temporary query string argument appended
to it. That argument appears as $$_vrd2=<validation
token>. When the form is
posted the login processing will use that token to validate if the redirect
to URL to make sure it has not been hacked/changed. If the token
is not present or the URL cannot be validated then the login request is
rejected. The extra query argument is stripped off before doing
the redirection after login.
If for some reason the login form has some other way of specifying the
redirect to URL (the domino server does not generate it or is overridden
with something else). The the token will not be present and the login request
is rejected.
So for example, if the incoming URL that causes a login page to appear
looks like /foo.nsf?Open, the redirectto url in the login form should look
like /foo.nsf?Open&$$_vrd2=<validation token>
When the form is posted the login processing will take the <validation
token> and verify it before login, if okay we do the login and redirect
back to the orginal url /foo.nsf?Open. If the validation fails then
login fails.
In your case the redirectto field
should be set to /?$$_vrd2=<validation token> and if login is successful
then we would redirect back to / and strip off the ?$$_vrd2 query arg.
If this continues to be a problem, the next step will be to raise a pmr.
There may be something about your use case and your login form that
is causing things not to work.