> > def index(): > > login_form = auth.login() > if login_form.process(session=None,formname='login').accepted: > pass > elif login_form.errors: > response.write(request.vars) > return dict() > > to display the form I have used the SQLForm in HTML technique as mentioned > in the web2py book > > Whenever user enters the correct email and password. auth_event registers > a login event with the description *User 1 Logged In*. > The next property redirects the URL to /user/profile but auth.user object > is *None.* >
auth.login() handles it's own form processing, and it uses the session when calling form.accepts (which adds a hidden _formkey field to the form, which must be present upon form submission). In your code, you do not return the form object to the view, which means your view cannot include the hidden _formkey field, which is therefore not submitted with the form. So, when the form is submitted, the form.accepts in auth.login() fails, which means the user object is never stored in session.auth.user -- hence, auth.user is None. The reason the login submission is successful is that your index() function then does its own processing of the login form, which is successful -- but your explicit call to login_form.process() does not do anything to set auth.user, so it is never set. In short, you should not be doing your own processing of the login form -- let auth.login() handle that. And if you want to customize the form display in the view, you still have to return the form to the view so you can include the hidden _formkey and _formname fields in the form (you can use form.custom.end to do that). Anthony