> > > I believe auth.settings.login_next only has an effect when there is no > > session._auth_next (i.e., when the user goes directly to the login URL > > rather than getting there via an internal link or redirect). > > Your logic is sound, but I'm afraid this is not the case. I am > directly going to myapp/login and then getting redirected via > session._auth_next to default/index. >
Puzzling. Could be a bug. > I thought this is what the auth.settings.login_onaccept = [myonaccept] > was supposed to do (see my example stated earlier). That was my first > attempt as it seemed the most logical. Am I doing something wrong > there? > auth.settings.login_onaccept gets called after a successful login, but it's not the very last thing that happens in auth.login() -- after the callback, auth.login() still proceeds to do its usual redirect. The redirect starts a whole new request, so if you set response.js before the redirect, it will get lost. Here's why -- when you set response.js, it adds the JS code to a special web2py-component-command header. However, because of the redirect, that header will arrive at the browser as part of a 303 redirect response. When the browser receives a redirect response, it immediately issues the redirect request without further processing the XHR object, so the client-side web2py JS code never gets to process the web2py-component-command header. Instead, you have to set response.js *after* the redirect, or simply prevent the redirect altogether (hence my suggestion to have your callback raise an HTTP() response). Anthony