Maybe check what's happening with the session cookie and the session right
before and after the logout to see what is changing.
On Sunday, September 27, 2015 at 10:39:20 AM UTC-4, Lisandro wrote:
>
> I forgot to mention something important, that is that I'm also using a
> custom login form and controller/function, maybe something is being done
> wrong in that point.
>
> In the same way that the change password view, for the login, I'm using a
> custom html form with email and password inputs, and submitting the post
> through ajax to this controller/function that logs in the user:
>
> def _login():
> user = auth.login_bare(request.post_vars.email, request.post_vars.
> password)
> if not user:
> return response.json({'success': False, 'error': 'Incorrect
> access data'})
> else:
> session.auth.expiration = auth.settings.expiration
> if request.post_vars.remember_me:
> session.auth.expiration = auth.settings.long_expiration
> session.auth.remember_me = True
> response.cookies[response.session_id_name]["expires"] =
> session.auth.expiration
> return response.json({'success': True})
>
> This is working ok, I don't see anything that could interfeer with
> changing the password :/
>
>
> El domingo, 27 de septiembre de 2015, 10:53:32 (UTC-3), Lisandro escribió:
>>
>> I'm not using session.secure()
>> App runs just over http
>>
>> I've made a view and write my own custom HTML form, with a couple of
>> inputs that request the new password twice, and then I submit the form
>> through ajax.
>> This is the controller/function that takes that ajax post:
>>
>> @auth.requires_login()
>> def _change_password():
>> user_row = db.auth_user[auth.user.id]
>> text_pass = request.post_vars.password
>> user_row.update_record(password=db.auth_user.password.validate(
>> text_pass)[0])
>> return response.json({'success': True})
>>
>> The jQuery code that submits the form through ajax, inspects that
>> result.success is True, and redirects to "my account" page that requires
>> login.
>> Everytime I change my password, the change is performed ok, the
>> redirection too, but in that point the user isn't logged anymore, because
>> "my account" page requires login and web2py redirects me to login page.
>>
>> These are my auth settings, just in case:
>> auth.settings.login_url = URL('default', 'user', args='login')
>> auth.settings.logout_next = URL('default', 'index')
>> auth.settings.on_failed_authorization = URL('static', args='403.html')
>> auth.settings.create_user_groups = False
>> auth.settings.download_url = URL('default', 'download')
>> auth.settings.expiration = 172800 # two days, in order to avoid problem
>> with Firefox (after short expiration, login isn't possible anymore until
>> deleting cookie)
>> auth.settings.long_expiration = 2592000 # one month
>>
>>
>>
>> El domingo, 27 de septiembre de 2015, 10:41:46 (UTC-3), Anthony escribió:
>>>
>>> Are you using session.secure() and transitioning from https to http
>>> during this process? You may need to show some additional code. Maybe check
>>> whether the session cookie is being returned and what is in the session
>>> before and after this action.
>>>
>>> On Sunday, September 27, 2015 at 9:06:08 AM UTC-4, Lisandro wrote:
>>>>
>>>> I've implemented a custom change password form that works ok. However,
>>>> everytime I change my password, web2py logs me out. I would like to stay
>>>> logged in.
>>>>
>>>> The sentence I use to update the password is this:
>>>> # user_row variable is the row of the user in auth_user table, and
>>>> text_pass is the password in text plain
>>>> user_row.update_record(password=db.auth_user.password.validate(
>>>> text_pass)[0])
>>>>
>>>> I've inspeted the Auth code, and I've found this settings, but I can't
>>>> figure out how they work (except for the first one that is documented):
>>>> auth.settings.change_password_onvalidation
>>>> auth.settings.change_password_onaccept
>>>>
>>>> I've tried calling auth.profile() right after updating the record, but
>>>> it still logs me out.
>>>> Any help will be appreciated. Thanks!
>>>>
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
