Only GET vars should be added to the _next parameter in the URL on a
redirect to login. Does your form happen to be a GET form rather than a
POST form?
Anthony
On Tuesday, August 6, 2013 10:21:06 PM UTC-4, Lamps902 wrote:
>
> I have a controller function which is protected by a standard
> authentication decorator ("@auth.requires_login()"). The function presents
> a page containing some forms (which contain a bunch of "INPUT( _type =
> 'hidden', ...)" and one "INPUT(_type = 'image', ...)", which presents the
> submission button).
>
> If a session terminates in a non-standard way (cookies deleted in browser,
> "logout" is clicked and directed to a new tab, etc.), the page with the
> forms is still present on screen, and if one of the forms is clicked, the
> login prompt is presented. After the user logs in, the form is processed as
> usual. However, if the user clicks on the form again, the values submitted
> by the new form will be appended to the corresponding values already
> present in request.vars, making a two-item list for each var. That is,
> something like:
>
> request.vars.action = action1
> request.vars.item = 24
>
> will turn into
>
> request.vars.action = action1
> action1
> request.vars.item = 24
> 24
>
> Why are the new values appending to the old, instead of overwriting them?
> What's the recommended way to deal with this situation? Thank you.
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
