On Sep 16, 2011, at 6:28 PM, Anthony wrote:

> On Friday, September 16, 2011 4:56:17 PM UTC-4, Massimo Di Pierro wrote:
>
> should it just be?
>
> if not self.user:
>     if not session._auth_next:
>         session._auth_next = URL(args=request.args,
>                                  vars=request.get_vars)
>
> Won't the above store the first URL in the app visited by the non-logged-in
> user in _auth_next? But don't we want it to be the first URL visited that
> requires login? The user might start at /a/c/index (which doesn't require
> login) and then go to /a/c/mysite (which does require login, so redirects to
> the login page), but then would get sent back to /a/c/index instead of
> /a/c/mysite after login, no?
>
> if self.user and session._auth_next and not self.user and
> session._auth_next.startswith(URL()):
>     next = session._auth_next
>     session._auth_next = None
>     redirect(next)
>
> How does this improve upon the current _next logic, which limits _next to
> relative URLs? Doesn't this code only store relative URLs from the current
> app in _auth_next? Does this have something to do with the possibility of
> login via CAS, so need to handle _next in __init__() rather than login()?
>

Be nice to consolidate all this into one set of shared logic, using the session instead of the query string, with a uniform way of setting it and redirecting.
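
The session-based approach discussed in this thread, as an added example that is not part of the original messages and not web2py's own code: the URL is stored only when a login-required page is hit, and it is re-checked as an in-app relative path before the redirect. The names `is_safe_next`, `remember_next`, `pop_next` and the `/a/` prefix are assumptions, and a plain dict stands in for the session.

```python
from urllib.parse import urlsplit

APP_PREFIX = "/a/"  # assumed application root, matching the /a/c/... paths in the thread


def is_safe_next(url, app_prefix=APP_PREFIX):
    """True only for a path-only URL that stays inside this application."""
    if not isinstance(url, str) or not url.startswith(app_prefix):
        return False
    if "\\" in url or any(ord(ch) < 0x20 for ch in url):
        return False  # browsers may read backslashes as slashes; no control chars
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return False  # absolute or scheme-relative (//host/...) URL
    # Reject dot segments that could climb out of the prefix.
    return ".." not in parts.path.split("/")


def remember_next(session, url, app_prefix=APP_PREFIX):
    """Call only from the login-required path, so public pages are never stored."""
    if is_safe_next(url, app_prefix):
        session["_auth_next"] = url  # design choice here: latest protected URL wins


def pop_next(session, default, app_prefix=APP_PREFIX):
    """After login: consume the stored URL once and re-validate it before use."""
    url = session.pop("_auth_next", None)
    return url if is_safe_next(url, app_prefix) else default


def demo():
    session = {}  # constructed stand-in for the framework session
    # /a/c/index is public, so nothing calls remember_next for it.
    remember_next(session, "/a/c/mysite?tab=2")      # protected page was requested
    remember_next(session, "//evil.example/a/c/x")   # rejected, stored value kept
    first = pop_next(session, default="/a/c/index")
    second = pop_next(session, default="/a/c/index")  # already consumed
    return first, second
```
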

