Maybe right after the "next" variable is set here 
<https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>, 
something like:

    if self.is_logged_in():    
        if next == session._auth_next:
            del session._auth_next
        redirect(next, client_side=settings.client_side)

Maybe abstract those last three lines into a function, as nearly the same 
code is executed in two other places.

Anthony

On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>
> Not sure it's required to check if the next var is empty or not... If there is 
> no next in the URL it should log in...:
>
>         if self.is_logged_in():
>             if self.get_vars_next() is not None and self.get_vars_next() != '':
>                 redirect(self.get_vars_next())
>             else:
>                 # redirect() expects a URL, so build it with URL()
>                 redirect(URL('default', 'index'))
>
> So, maybe this could be rewritten like so:
>
>     if self.get_vars_next() is not None and self.get_vars_next() != '' and self.is_logged_in():
>         redirect(self.get_vars_next())
>
> Richard
>
> On Wednesday, August 19, 2015 at 2:17:41 PM UTC-4, Richard wrote:
>>
>> I had this here and it works... Though, it needs to check if _next var is 
>> populated, if not redirect on default/index maybe...
>>
>> What do you think... I am not well versed in security; could this create a 
>> security hole?
>>
>>     def login(
>>         self,
>>         next=DEFAULT,
>>         onvalidation=DEFAULT,
>>         onaccept=DEFAULT,
>>         log=DEFAULT,
>>     ):
>>         """
>>         returns a login form
>>
>>         method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>             [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>
>>         """
>>         # added lines: skip the login form when already logged in
>>         if self.is_logged_in():
>>             redirect(self.get_vars_next())
>>
>>         table_user = self.table_user()
>>         settings = self.settings
>>
>> On Wednesday, August 19, 2015 at 2:01:40 PM UTC-4, Richard wrote:
>>>
>>> Nope, it's only cas_login related...
>>>
>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <
>>> [email protected]> wrote:
>>>
>>>> Is the function that performs the check allow_access()??
>>>>
>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <
>>>> [email protected]> wrote:
>>>>
>>>>> Exactly, I was reading the code to figure out where the credentials check 
>>>>> is performed...
>>>>>
>>>>> I will try to make a PR, if I can find the right place... I will send 
>>>>> what I come up with here beforehand if you want to review...
>>>>>
>>>>> Richard
>>>>>
>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>
>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I often run into this annoying issue... I always leave multiple tabs 
>>>>>>> open, all accessing my app... When the browser gets restarted, all these 
>>>>>>> tabs get redirected to the "user/login?_next=..." URL when I have been 
>>>>>>> logged out of the system... I find it unpleasant that, if I log in in 
>>>>>>> one of the tabs, I can't just refresh the other tabs... Reloading the 
>>>>>>> page still requires me to input my credentials again, or to remove the 
>>>>>>> "user/login?_next=" from the URL to avoid logging in even though I am 
>>>>>>> logged in...
>>>>>>>
>>>>>>> I don't know if we could implement something that would redirect to the 
>>>>>>> next URL component on page reload, or how much overhead doing so could 
>>>>>>> cause... But it could make this repetitive task a memory if it could be 
>>>>>>> implemented easily...
>>>>>>>
>>>>>>
>>>>>> Maybe early in the Auth.login method, there could be a check to see 
>>>>>> if the user is already logged in (i.e., check for the existence of 
>>>>>> self.user) and if there is a _next URL -- in that case, there could just 
>>>>>> be an immediate redirect to the _next URL without bothering with the 
>>>>>> login. That way, if you re-login in one tab and then hit refresh in 
>>>>>> another tab, the other tab will return to its original page.
>>>>>>
>>>>>> Anthony
>>>>>>  
>>>>>>
>>>>>>>
>>>>>>> Richard
>>>>>>>
>>>>>> -- 
>>>>>> Resources:
>>>>>> - http://web2py.com
>>>>>> - http://web2py.com/book (Documentation)
>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>> --- 
>>>>>> You received this message because you are subscribed to the Google 
>>>>>> Groups "web2py-users" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>> send an email to [email protected].
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
>>>>>
>>>>>
>>>>
>>>
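
Richard's question about a security hole comes down to whether `_next`, which is read from the URL, can send an already logged-in user to another site. The following is an added example, not part of the thread and not web2py's own code: a same-host check applied before the early redirect. The names `safe_next` and `early_login_redirect`, the host `app.example.com` and the fallback `/default/index` are assumptions for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/default/index"  # assumed fallback page


def safe_next(next_url, host, default=DEFAULT_TARGET):
    """Return next_url only if following it keeps the browser on `host`."""
    # A repeated ?_next=a&_next=b can arrive as a list; use the first value.
    if isinstance(next_url, (list, tuple)):
        next_url = next_url[0] if next_url else None
    if not isinstance(next_url, str) or not next_url:
        return default
    # Browsers read "\" as "/" and drop tabs/newlines, so "/\host" or
    # "/<TAB>/host" would leave the site; reject those characters outright.
    if "\\" in next_url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in next_url):
        return default
    try:
        parts = urlsplit(next_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path with a single leading slash.
        ok = next_url.startswith("/") and not next_url.startswith("//")
        return next_url if ok else default
    if parts.scheme in ("http", "https") and parts.netloc.lower() == host.lower():
        return next_url
    return default


def early_login_redirect(is_logged_in, next_url, host):
    """Target for a redirect at the top of login(), or None to show the form."""
    return safe_next(next_url, host) if is_logged_in else None


if __name__ == "__main__":
    host = "app.example.com"  # constructed sample values below
    for candidate in ["/app/default/report?id=3", "//evil.example/x",
                      "https://evil.example/", "/\\evil.example", "", None,
                      "https://app.example.com/app/default/index"]:
        print(repr(candidate), "->", early_login_redirect(True, candidate, host))
```

Off-site, scheme-relative and empty values all fall back to the default page, which also covers the "no `_next` in the URL" case raised in the thread.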
