Changing
if current.request.ajax:
raise HTTP(401, self.messages.ajax_failed_authentication)
to
if current.request.ajax and current.request.cid:
raise HTTP(401, self.messages.ajax_failed_authentication)
in gluon/tools/Auth class/requires function (line 3749 in release 2.12.03)
seems to solve the problem since it verifies it is a component before
raising a 401, else it follows the "otherwise" or
auth.settings.on_failed_authorization redirect (which I am using).
Denes.
On Tuesday, October 6, 2015 at 1:50:04 PM UTC-4, DenesL wrote:
>
> Hi
>
> an expired session becomes empty but this does not seem to always trigger
> auth.requires_login redirection to the login URL neither when set via
> auth.requires_login(loginURL), aka the otherwise parameter, nor by
> auth.settings.on_failed_authorization = loginURL *when XMLHttpRequest
> (XHR) is used.*
> Actually the otherwise parameter is superfluous in this case.
>
> Status 401 UNAUTHORIZED with response
> <div class="not-authorized alert alert-block"><h4>NOT
> AUTHORIZED</h4>Please <a href="">login</a> to view this content.</div>
> but that is never seen since I am using www.idangero.us/framework7 ,
> which loads all links with Ajax by default, does not refresh the page.
>
> So this probably happens because the call is being treated as a component
> by web2py.
> I can get around this by defining the links as external in framework7 but
> I wonder if it would not be better to have a way to tell web2py to redirect
> when the session has expired even when using Ajax calls.
>
> Thanks,
> Denes
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
