I had this here and it works... Though, it needs to check if _next var is
populated, if not redirect on default/index maybe...
What do you think... I am not well versed in security could this create a
security hole?
def login(
self,
next=DEFAULT,
onvalidation=DEFAULT,
onaccept=DEFAULT,
log=DEFAULT,
):
"""
returns a login form
method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
[, onaccept=DEFAULT [, log=DEFAULT]]]])
"""
*if self.is_logged_in():*
* redirect(self.get_vars_next())*
table_user = self.table_user()
settings = self.settings
Le mercredi 19 août 2015 14:01:40 UTC-4, Richard a écrit :
>
> Nop it only cas_login related...
>
> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <
> [email protected]> wrote:
>
>> Is the function that perform the check is : allow_access()??
>>
>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <
>> [email protected]> wrote:
>>
>>> Exactly, I was reading the code figure where the credentials check is
>>> perform...
>>>
>>> I will try to make a PR, if I can find the right place... I will send
>>> here before what I come up with if you want to review...
>>>
>>> Richard
>>>
>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony <[email protected]> wrote:
>>>
>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I often, fall on this annoying issue... I alway leaves multiple tabs
>>>>> all accessing my app open... When the browser get restart, all this tabs
>>>>> get redirected to "user/login?_next=..." URL when I have been logged out
>>>>> from the system... I found it unpleasant that, if I log in in one of the
>>>>> tab, I can't just refresh the other tabs... Reload the page still require
>>>>> me to input my credentials again or that I remove the "user/login?_next="
>>>>> from the URL to avoid log in even if I am logged in...
>>>>>
>>>>> I don't know if we could implement something that would make some
>>>>> redirection to the next URL component on page reload and how this could
>>>>> cause overhead of doing so... But it could make this repetitive task a
>>>>> memory if it could be implement easilly...
>>>>>
>>>>
>>>> Maybe early in the Auth.login method, there could be a check to see if
>>>> the user is already logged in (i.e., check for the existence of self.user)
>>>> and if there is a _next URL -- in that case, there could just be an
>>>> immediate redirect to the _next URL without bothering with the login. That
>>>> way, if you re-login in one tab and then hit refresh in another tab, the
>>>> other tab will return to its original page.
>>>>
>>>> Anthony
>>>>
>>>>
>>>>>
>>>>> Richard
>>>>>
>>>> --
>>>> Resources:
>>>> - http://web2py.com
>>>> - http://web2py.com/book (Documentation)
>>>> - http://github.com/web2py/web2py (Source code)
>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "web2py-users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
