I want users to be redirected to the page they originally came from after they log in. I have seen the docs on using state etc., but I would like to know why the below doesn’t work.
I’m using Lock with login.php and a page after that called redirect.php as a redirect. This is how login looks, with a session to get the page the user started on so it can be redirected later:
```php
<?php
require __DIR__ . '/vendor/autoload.php';
use Auth0\SDK\Auth0;

session_start();
// Remember the page the user came from so redirect.php can send them back.
$_SESSION['redirect_url'] = $_SERVER['HTTP_REFERER'];

// [$domain and client params here]
$redirect_uri = "http://localhost:3000/auth/redirect.php";
$audience = "";
if ($audience == '') {
    $audience = 'https://' . $domain . '/userinfo';
}

$auth0 = new Auth0([
    'domain' => $domain,
    'client_id' => $client_id,
    'client_secret' => $client_secret,
    'redirect_uri' => $redirect_uri,
    'audience' => $audience,
    'scope' => 'openid profile',
    'persist_id_token' => true,
    'persist_access_token' => true,
    'persist_refresh_token' => true,
]);

\Firebase\JWT\JWT::$leeway = 2400000;
$auth0->login();
```
This is then how redirect.php looks:
```php
<?php
session_start();
echo "Thank you, redirecting you...";
header('Location: ' . $_SESSION['redirect_url']);
?>
```
This has been correctly returning me to the original page, but the login doesn’t work - I’m still logged out, no error message, no user info dump, nothing. Is my use of $_SESSION breaking something that Auth0 uses? Or is there a different issue?
The login was working fine before I instated the redirect flow (I just hardcoded the homepage as the redirect)… And I am aware of the docs talking about nonce etc but I just wanted to test with this first - surely it should work?
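
Added example, not part of the original post and not Auth0 SDK code: the flow above puts the client-supplied `Referer` header into a `Location` header unchecked, so the stored value should be validated as a same-site URL before it is used. `safe_return_url()`, its parameters and the sample values are hypothetical names and constructed data for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of the Auth0 SDK. Returns $candidate only when it
// points back at this site; anything else falls back to $default.
function safe_return_url(?string $candidate, string $allowedAuthority, string $default = '/'): string
{
    // The Referer header is optional, so the stored value may be missing.
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Control characters could split the Location header; backslashes are
    // treated as "/" by some browsers.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate) === 1) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return $default;
    }
    // Relative form: accept only a path on this site ("//host" is protocol-relative).
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $isLocalPath = strpos($candidate, '/') === 0 && strpos($candidate, '//') !== 0;
        return $isLocalPath ? $candidate : $default;
    }
    // Absolute form: scheme must be http(s) and host[:port] must match exactly.
    $scheme = strtolower($parts['scheme'] ?? '');
    $authority = strtolower($parts['host'] ?? '')
        . (isset($parts['port']) ? ':' . $parts['port'] : '');
    if (!in_array($scheme, ['http', 'https'], true)
        || $authority !== strtolower($allowedAuthority)) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values, checked against the localhost:3000 origin used in the post.
$samples = [
    'http://localhost:3000/account.php',     // same origin
    '/orders.php?id=7',                      // local path
    'https://other.example/landing',         // foreign host
    '//other.example/landing',               // protocol-relative
    'http://localhost:3000@other.example/',  // userinfo in front of a foreign host
    null,                                    // no Referer sent
];
foreach ($samples as $sample) {
    printf("%-40s => %s\n", var_export($sample, true), safe_return_url($sample, 'localhost:3000'));
}
```

In the flow from the post, login.php would store `safe_return_url($_SERVER['HTTP_REFERER'] ?? null, 'localhost:3000')` in the session, and redirect.php would pass the session value through the same check before calling `header()`.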