How to disable _next when auto-logout? Or how do I make it maintain the var _signature?

29 views
Skip to first unread message

João Matos

unread,
Apr 3, 2019, 10:59:28 AM4/3/19
to web2py-users
Hello,

How to disable _next when auto-logout occurs? Or how do I make it maintain the var _signature?

I have this problem.
If a user leaves the application open, for eg. in a record editing page with this URL

http://jmatos-p:8000/client/index/edit/client/2?_signature=b691de6ea83a3e24bb9b7f5324531406b0a6643a

and the expiration time occurs, the user is logged out and shown this URL

http://jmatos-p:8000/user/login?_next=/client/index/edit/client/2

where web2py removed the var _signature.


When the user logs in he receives an "Not authorized" error message (session.flash) and gets redirected to URL

http://jmatos-p:8000/client?_signature=6b1c6d06db156eaca5aa5ecf51bf2351a97e3d53

which is the parent of the original URL.

I had a solution I found while searching this forum, which was to add

request.vars._next = None

before the auth declaration in the db.py file.

That worked until I used a language changing solution given to me on another topic, which is this
db1.py file
LANGUAGES = ('pt', 'en')


def set_language():
    # type: () -> str
    """Set language.

    https://groups.google.com/forum/#!topic/web2py/6ceuUoISWGU

    :return: Language code.
    """
    lang_code = session.lang or 'pt'  # T.accepted_language[:2]
    if lang_code in LANGUAGES:
        T.force(lang_code)
        return lang_code
    else:
        T.force('pt')
        return 'pt'


LANG = set_language()


and in the block footer section of layout.html
          <div class="pull-right">
            <a {{if LANG == 'pt':}}class="highlight"{{pass}} href="{{=URL('default', 'language', args='pt', vars={'_next':URL(args=request.args, vars=request.vars, user_signature=True)})}}">PT</a>
            <a {{if LANG == 'en':}}class="highlight"{{pass}} href="{{=URL('default', 'language', args='en', vars={'_next':URL(args=request.args, vars=request.vars, user_signature=True)})}}">EN</a>
          </div>

Is there any way to disable the _next without using the above request.vars._next = None ?
Is there any way the _next could maintain the original var _signature?
Any other ideas on how to solve this?

Thanks,

JM

João Matos

unread,
Apr 5, 2019, 11:39:59 AM4/5/19
to web2py-users
Found a solution (more a kludge).

Added
next = '/'

to login function in tools.py
Line 2831
                # next = replace_id(next, form)
                next = '/'
                redirect(next, client_side=settings.client_side
Reply all
Reply to author
Forward
0 new messages