All auth does on successful login is:

from gluon.storage import Storage
session.auth=Storage()
session.auth.user = db(db.auth_user.id==logged_in_user_id).select().first()
session.auth.user_id = session.auth.user.id
session.auth.last_visit = request.now

Set session.auth=None on logout.

On Jan 31, 9:08 am, Jon Romero <[email protected]> wrote:
> I have created a new facebook connect plugin where the user can login
> to auth using FBConnect.
> The thing that I am doing is after the user has logged in (and I have
> his fb_uid) I create a new session like this:
>
>         if not auth.is_logged_in():
>                 user_obj = Storage(user_table._filter_fields(Users.find_by_id(user_id)[0], id=True))
>                 session.auth = Storage(user=user_obj, last_visit=request.now, expiration=2600)
>
> where Users.find_by_id(user_id) assume it's db(db.users.id ==
> user_id).select()
>
> Even though it seems to work, I don't think it is correct (because if
> it is THAT simple for everyone to
> create an auth object then he can hack the system).
>
> I checked the auth.requires_login but I couldn't figure it out.
>
> So, how can I create a new session programmatically (like the login
> page does)?
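The login and logout the reply describes, as an added example that is not code from the web2py project or from either poster: `Storage`, `find_user` and the sample user table are stand-ins constructed here so it runs without web2py, and `login_user` adds the one check the reply's snippet lacks, refusing to build `session.auth` when the id matches no row (where `.first()` returns None and `user.id` would fail).

```python
from datetime import datetime

class Storage(dict):
    """Stand-in for gluon.storage.Storage: a dict with attribute access
    that yields None for missing keys."""
    def __getattr__(self, key):
        return self.get(key)
    def __setattr__(self, key, value):
        self[key] = value

# Constructed sample rows standing in for db.auth_user.
AUTH_USER = {
    7: {"id": 7, "email": "[email protected]", "first_name": "Alice"},
}

def find_user(user_id):
    """Stand-in for db(db.auth_user.id == user_id).select().first():
    the matching row as a Storage, or None when nothing matches."""
    row = AUTH_USER.get(user_id)
    return Storage(row) if row else None

def login_user(session, user_id, now):
    """Do what the login page does once credentials are verified: record the
    user in the server-side session. Returns False and leaves the session
    untouched when user_id matches no row, instead of failing on user.id."""
    user = find_user(user_id)
    if user is None:
        return False
    session.auth = Storage()
    session.auth.user = user
    session.auth.user_id = user.id
    session.auth.last_visit = now
    return True

def is_logged_in(session):
    """Same idea as auth.is_logged_in(): a populated session.auth."""
    return session.auth is not None and session.auth.user_id is not None

def logout_user(session):
    """What logout does: drop the auth record from the session."""
    session.auth = None
```

Because the session lives on the server, only application code can call `login_user`; a client cannot forge `session.auth` from outside, which is why the reply's minimal snippet is not in itself a hole.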
