2009/2/11 Gustavo Narea <m...@gustavonarea.net>:
>> Here is my question : is it possible to get rid of the "came_from"
>> param in the url which is useless when using post login and post
>> logout url ?
> I don't think it's useless. For example, by default TG2 applications use that
> parameter in the post-login/out handler to redirect to it. In the case of the
> post-login handler, if the user gets there and is anonymous, that can only
> mean one thing: She tried to log in with the wrong credentials.

I understand, you're right: came_from is useful even when using
post-login/out handler.

>> It will be also great if it was possible to choose using the __logins
>> counter or no, so that we could keep a clean url if wanted.
> But without it you wouldn't be able to handle failed logins, *unless* you use
> a post-login handler. It sounds like a sensible feature to me, can you please
> open a ticket?

My main concern was to keep a clean url, but param "came_from" and
"__logins" available in the querystring prevent url from keeping a
clean design.
A proposed solution would be to store these data in a cookie rather
than the query string. It would be the default behavior, but if client
navigator does not support cookie (or cookie is not enabled), then we
could fall back into the query string mechanism for storing these
What do you think about it?

We could also alternatively add specific argument to quickstart plugin
to choose wether to use cookie or query string for storing the params
"came_from" and "__logins"...

Yes, I will open a ticket, after reading your feedback.


Repoze-dev mailing list

Reply via email to