The SessionCredentialsPlugin will redirect to a login form whenever a 
user needs to be authenticated. The URL to this login form will have a 
"camefrom" query string, where the "camefrom" is the path-information to 
the originally requested view.

When the credentials provided by the user are correct, the login form 
will use the camefrom information to redirect back to that original view.

Ideally (a.k.a. according to the HTTP spec.), the camefrom should be an 
absolute URL, not just a path like the SessionCredentialsPlugin now does.

I'd like to fix and release zope.pluggableauth with the following patch 
applied - unless of course there's compelling reasons not to do this:

--- trunk/src/zope/pluggableauth/plugins/session.py     2011-02-07 
10:33:25.643791415 +0100
2011-02-07 10:40:12.301790203 +0100
@@ -308,7 +308,7 @@
          # Better to add the query string, if present
          query = request.get('QUERY_STRING')

-        camefrom = '/'.join([request.getURL(path_only=True)] + stack)
+        camefrom = '/'.join([request.getURL()] + stack)
          if query:
              camefrom = camefrom + '?' + query
          url = '%s/@@%s?%s' % (absoluteURL(site, request),

regards, jw

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to