I have a 'registered' page/action which immediately follows 'register' page/action, and I would like to prevent someone who is currently on the 'register' page to jump to 'registered' page by directly changing the URL (even if all the fields including email etc are filled), instead of clicking the submit button.
So I tried the following: in the model, I have: auth.settings.register_next = URL('registered') in the controller, I have: def register(): session.from_register = True session.register_arg = request.args(0) form = auth.register() return dict(form=form) and def registered(): if not session.from_register: logger.debug('request NOT from registration page') session.from_register = False redirect(URL(c='default', f='index')) elif not session.email: logger.debug('request from registration page but registration form not processed') session.from_register = False redirect(URL(f='register', args=[session.register_arg])) return dict() In other words, I use session.email to test whether user gets to 'registered' page after the register form is successfully processed or not. However, it seems that 'registered' function is called before 'register' form is fully processed (i.e. 'session.email' gets set), so that user is re-directed (from within the elif block above) back to 'register' page. What would be an appropriate method here?