On Sep 17, 2011, at 8:46 AM, Massimo Di Pierro wrote: > The basic use case is this: > User clicks on a link that requires_login and gets redirected to the > login page. After login the user is redirected to the original > requested page. > Exceptions: > - the login is outsourced to janrain > - the login is outsourced to cas or other open-id > - the login is not possible and the user must first register > - after login is redirected to the intended page but the app logic > finds this user has incomplete profile and redirects to profile > editing (*) > - what if the user is impersonating another user? (?) > - the user is visiting a page that does not require login but LOADs a > component that does (?) > - the user is visiting a page that does not require login but IFRAMEs > a component that does > - the user has another window open (**) > (*) is not currently supported. (?) not sure if it works (**) worked > with _next but not not with session._auth_next.
The old logic saves a next link in session in Auth(). What's that for?