https://github.com/web2py/web2py/issues/1052
On Wed, Aug 19, 2015 at 2:23 PM, Richard <[email protected]> wrote: > Not sure it required to check if next var is empty or not... If there is > no next in the url it should log in...: > > if self.is_logged_in(): > if self.get_vars_next() is not None and self.get_vars_next() > != '': > redirect(self.get_vars_next()) > else: > redirect('default', 'index') > > So, maybe this could be rewrite like so : > > > if self.get_vars_next() is not None and self.get_vars_next() != '' and > self.is_logged_in(): > redirect(self.get_vars_next()) > > Richard > > Le mercredi 19 août 2015 14:17:41 UTC-4, Richard a écrit : >> >> I had this here and it works... Though, it needs to check if _next var is >> populated, if not redirect on default/index maybe... >> >> What do you think... I am not well versed in security could this create a >> security hole? >> >> def login( >> self, >> next=DEFAULT, >> onvalidation=DEFAULT, >> onaccept=DEFAULT, >> log=DEFAULT, >> ): >> """ >> returns a login form >> >> method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT >> [, onaccept=DEFAULT [, log=DEFAULT]]]]) >> >> """ >> *if self.is_logged_in():* >> * redirect(self.get_vars_next())* >> >> table_user = self.table_user() >> settings = self.settings >> >> >> >> >> >> >> Le mercredi 19 août 2015 14:01:40 UTC-4, Richard a écrit : >>> >>> Nop it only cas_login related... >>> >>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina < >>> [email protected]> wrote: >>> >>>> Is the function that perform the check is : allow_access()?? >>>> >>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina < >>>> [email protected]> wrote: >>>> >>>>> Exactly, I was reading the code figure where the credentials check is >>>>> perform... >>>>> >>>>> I will try to make a PR, if I can find the right place... I will send >>>>> here before what I come up with if you want to review... >>>>> >>>>> Richard >>>>> >>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony <[email protected]> wrote: >>>>> >>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote: >>>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I often, fall on this annoying issue... I alway leaves multiple tabs >>>>>>> all accessing my app open... When the browser get restart, all this tabs >>>>>>> get redirected to "user/login?_next=..." URL when I have been logged out >>>>>>> from the system... I found it unpleasant that, if I log in in one of the >>>>>>> tab, I can't just refresh the other tabs... Reload the page still >>>>>>> require >>>>>>> me to input my credentials again or that I remove the >>>>>>> "user/login?_next=" >>>>>>> from the URL to avoid log in even if I am logged in... >>>>>>> >>>>>>> I don't know if we could implement something that would make some >>>>>>> redirection to the next URL component on page reload and how this could >>>>>>> cause overhead of doing so... But it could make this repetitive task a >>>>>>> memory if it could be implement easilly... >>>>>>> >>>>>> >>>>>> Maybe early in the Auth.login method, there could be a check to see >>>>>> if the user is already logged in (i.e., check for the existence of >>>>>> self.user) and if there is a _next URL -- in that case, there could just >>>>>> be >>>>>> an immediate redirect to the _next URL without bothering with the login. >>>>>> That way, if you re-login in one tab and then hit refresh in another tab, >>>>>> the other tab will return to its original page. >>>>>> >>>>>> Anthony >>>>>> >>>>>> >>>>>>> >>>>>>> Richard >>>>>>> >>>>>> -- >>>>>> Resources: >>>>>> - http://web2py.com >>>>>> - http://web2py.com/book (Documentation) >>>>>> - http://github.com/web2py/web2py (Source code) >>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "web2py-users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>> >>> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
