That is the point. security should not depend on the history but on the state of the user. Even you do not redirect the user there, nothing prevents the user from editing the url.
On Jul 3, 5:24 pm, Fauché JM <jm.fau...@free.fr> wrote: > Sorry, when session.group='Public' it never redirect on sas because in > code : > > form=...choice of a group in [auth_membership+'Public'] > if form.accepts(request.vars,session): > session.group=form.vars.group_choice > if session.group != 'Public': > redirect(URL(r=request,f='sas')) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---