Thanks for an explanatory answer.
I will try this out.

On Monday, March 12, 2012 7:49:28 PM UTC+5:30, Anthony wrote:
>
>> def index():
>>     login_form = auth.login()
>>     if login_form.process(session=None,formname='login').accepted:
>>         pass
>>     elif login_form.errors:
>>         response.write(request.vars)
>>     return dict()
>>
>> To display the form I have used the SQLForm in HTML technique as 
>> mentioned in the web2py book.
>>
>> Whenever the user enters the correct email and password, auth_event registers 
>> a login event with the description *User 1 Logged In*.
>> The next property redirects the URL to /user/profile but auth.user object 
>> is *None.*
>>
>
> auth.login() handles its own form processing, and it uses the session 
> when calling form.accepts (which adds a hidden _formkey field to the form, 
> which must be present upon form submission). In your code, you do not 
> return the form object to the view, which means your view cannot include 
> the hidden _formkey field, which is therefore not submitted with the form. 
> So, when the form is submitted, the form.accepts in auth.login() fails, 
> which means the user object is never stored in session.auth.user -- hence, 
> auth.user is None. The reason the login submission is successful is that 
> your index() function then does its own processing of the login form, which 
> is successful -- but your explicit call to login_form.process() does not do 
> anything to set auth.user, so it is never set.
>
> In short, you should not be doing your own processing of the login form -- 
> let auth.login() handle that. And if you want to customize the form display 
> in the view, you still have to return the form to the view so you can 
> include the hidden _formkey and _formname fields in the form (you can use 
> form.custom.end to do that).
>
> Anthony
>
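
The failure described in the quoted answer, as an added example that is not part of the thread and not web2py's own code: a simplified Python model of a session-bound, one-time form key. The function names, the session key layout and the sample account are assumptions made for illustration.

```python
# Simplified model of a session-bound, one-time form key (the role _formkey
# plays in the answer above). Illustrative only; not web2py's implementation.
import hmac
import secrets

USERS = {"user@example.com": "correct horse"}  # constructed sample account


def issue_form(session, formname="login"):
    """Server side: store a fresh key in the session, return the hidden fields."""
    key = secrets.token_hex(16)
    session.setdefault("_formkey[%s]" % formname, []).append(key)
    return {"_formname": formname, "_formkey": key}


def accepts(session, post_vars, formname="login"):
    """Accept a submission only if it carries a key issued to this session."""
    if post_vars.get("_formname") != formname:
        return False
    issued = session.get("_formkey[%s]" % formname, [])
    sent = post_vars.get("_formkey", "")
    for key in issued:
        if hmac.compare_digest(key, sent):
            issued.remove(key)  # one-time use: a replayed form is rejected
            return True
    return False


def login(session, post_vars):
    """Store the user in the session only when the form itself is accepted."""
    if not accepts(session, post_vars):
        return False
    email = post_vars.get("email", "")
    password = post_vars.get("password", "")
    expected = USERS.get(email)
    if expected is None or not hmac.compare_digest(expected, password):
        return False
    session["auth_user"] = email
    return True


def submit(session, include_hidden):
    """Model a view that does or does not render the hidden fields."""
    hidden = issue_form(session)
    post = {"email": "user@example.com", "password": "correct horse"}
    if include_hidden:
        post.update(hidden)
    return login(session, post), post
```

With `include_hidden=False` the credentials are correct but the session never receives a user, which is the `auth.user is None` symptom reported in the thread.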
