On Friday, September 16, 2011 4:56:17 PM UTC-4, Massimo Di Pierro wrote: > > > should it just be? > > if not self.user: > if not session._auth_next: > session._auth_next = URL(args=request.args, > vars=request.get_vars) >
Won't the above store the first URL in the app visited by the non-logged-in user in _auth_next? But don't we want it to be the first URL visited that requires login? The user might start at /a/c/index (which doesn't require login) and then go to /a/c/mysite (which does require login, so redirects to the login page), but then would get sent back to /a/c/index instead of /a/c/mysite after login, no? > if self.user and session._auth_next and not self.user and > session._auth_next.startswith(URL()): > next = session._auth_next > session._auth_next = None > redirect(next) > How does this improve upon the current _next logic, which limits _next to relative URLs? Doesn't this code only store relative URLs from the current app in _auth_next? Does this have something to do with the possibility of login via CAS, so need to handle _next in __init__() rather than login()? Anthony
