I'm not using session.secure()
App runs just over http
I've made a view and written my own custom HTML form, with a couple of inputs
that request the new password twice, and then I submit the form through
ajax.
This is the controller/function that takes that ajax post:
@auth.requires_login()
def _change_password():
    user_row = db.auth_user[auth.user.id]
    text_pass = request.post_vars.password
    user_row.update_record(password=db.auth_user.password.validate(text_pass)[0])
    return response.json({'success': True})
The jQuery code submits the form through ajax, checks that
result.success is True, and redirects to the "my account" page, which requires
login.
Every time I change my password, the change is performed ok, the redirection
too, but at that point the user isn't logged in anymore, because the "my account"
page requires login and web2py redirects me to the login page.
These are my auth settings, just in case:
auth.settings.login_url = URL('default', 'user', args='login')
auth.settings.logout_next = URL('default', 'index')
auth.settings.on_failed_authorization = URL('static', args='403.html')
auth.settings.create_user_groups = False
auth.settings.download_url = URL('default', 'download')
# two days, in order to avoid problem with Firefox (after short expiration,
# login isn't possible anymore until deleting cookie)
auth.settings.expiration = 172800
auth.settings.long_expiration = 2592000 # one month
On Sunday, September 27, 2015, 10:41:46 (UTC-3), Anthony wrote:
>
> Are you using session.secure() and transitioning from https to http during
> this process? You may need to show some additional code. Maybe check
> whether the session cookie is being returned and what is in the session
> before and after this action.
>
> On Sunday, September 27, 2015 at 9:06:08 AM UTC-4, Lisandro wrote:
>>
>> I've implemented a custom change password form that works ok. However,
>> every time I change my password, web2py logs me out. I would like to stay
>> logged in.
>>
>> The sentence I use to update the password is this:
>> # user_row variable is the row of the user in auth_user table, and
>> # text_pass is the password in plain text
>> user_row.update_record(password=db.auth_user.password.validate(text_pass)[0])
>>
>> I've inspected the Auth code, and I've found these settings, but I can't
>> figure out how they work (except for the first one that is documented):
>> auth.settings.change_password_onvalidation
>> auth.settings.change_password_onaccept
>>
>> I've tried calling auth.profile() right after updating the record, but it
>> still logs me out.
>> Any help will be appreciated. Thanks!
>>
>