I was running into some issue with SQLFORM.grid and after going through the code, I realized that the grid does not include request.vars when calculating the URL signature (ref: v2.21.1, gluon/sqlhtml.py @ 2440).
Please correct me if I would be wrong,... else it may be useful to add something about this behavior in the web2py documentation: SQLFORM.grid validates the signature without taking into account request.vars As such, any constructed URL that contains a user_signature and that is pointing to the page that uses the controller function which creates this grid, should have this signature created without including request.vars! Thus, hash_vars should be set to False in that case. If not, you may get a ‘not authorized’ flash message and you will be redirected. E.g. a signed URL pointing to such page should look like: URL(‘mypage_with_grid’, args=[‘a’, ‘b’, ‘c’], vars={‘var1’:’val1’}, *user_signature=True,* *hash_vars=False*) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/4de8ab7e-497a-4bc7-8ee8-872fec9ea49en%40googlegroups.com.