On Sep 17, 2011, at 7:51 AM, Massimo Di Pierro wrote:

>> I also don't entirely understand this:
>> 
>>     def pop_next(self):
>>         next = current.session._auth_next
>>         if next and next.startswith(URL()):
>>             next = current.session._auth_next = None
>>         return next
>> 
>> The startswith test: are we simply saying that if the startswith test is 
>> met, then we're already at the destination, so don't redirect?
> 
> I guess it goes both ways.
> 
> I am worried the new session mechanism may break when multiple windows
> are open, or when IFRAME and LOAD are used. I may have to revert this.

It seems to me that there are two issues here. One is cleaning up the logic to 
make it uniform, DRY and understandable. The other is deciding where to put the 
next link (and doing proper validation of the URL).

I understand (I think) the basic use case for @requires_login, I think. 

What's the use case for saving the return link in Auth()? 

Does it make sense to try to save a next link in cases like change-password? 
Profile editing? 

I'm fine with reverting for now, but I really think that this logic is due for 
a review and cleanup. Maybe starting with a spec: what are we really trying to 
do? And how do these dynamic _next links relate to the various next-URL links 
in auth.settings? 
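
As an added example (not web2py's code and not written by anyone in this thread), here is one way to do the URL validation mentioned above before redirecting to a stored next link. `is_safe_next`, `take_next`, the plain dict standing in for the session and the host `app.example` are assumptions; only the `_auth_next` key name comes from the quoted code.

```python
from urllib.parse import urlsplit


def is_safe_next(target, host):
    """True if target is a site-local path or an http(s) URL on `host`.

    `host` is compared with the URL's netloc, so it includes any port.
    """
    if not target or not isinstance(target, str):
        return False
    # Browsers treat "\" like "/" and drop control characters, so reject
    # both instead of trying to normalise them.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: require exactly one leading slash, because
        # "//host" and "///host" can resolve to another site.
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: only http(s) on our own host. This also rejects
    # "javascript:" URLs and "user@other-host" netlocs.
    return parts.scheme in ("http", "https") and parts.netloc.lower() == host.lower()


def take_next(session, host, default="/"):
    """Remove the stored target from the session (one use only) and return
    it if it stays on this site, otherwise return `default`."""
    target = session.pop("_auth_next", None)
    return target if is_safe_next(target, host) else default


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for stored in ("/app/default/profile", "//evil.example/x",
                   "https://evil.example/login", "https://app.example/app"):
        session = {"_auth_next": stored}
        print(repr(stored), "->", take_next(session, "app.example"))
```

Popping the value on first use also keeps a stale target from one window from being replayed by a later login in another.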
