From ab305ccbc6abf3aa990832da4f5161c813860e5c Mon Sep 17 00:00:00 2001
From: Alexis Metaireau
Date: Sat, 30 Jul 2011 01:32:55 +0200
Subject: [PATCH] Put back the old version of authenticate. (Fred, is there a reason why you're using form.id.validate()? Doesn't seem to be defined in here. Also properly deletes the session using session.clear rather than session = None. As session is an observable object, if it is updated to None, the session will *not* be invalided at the end of the request. Instead, you have to call clear() which will clear its members so the cookie will be updated accordingly at the end of the request.
---
budget/web.py | 42 ++++++++++++++++++++----------------------
1 file changed, 20 insertions(+), 22 deletions(-)
diff --git a/budget/web.py b/budget/web.py
index f8ede3c4..0f5a28b5 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -18,28 +18,26 @@ def home(): def authenticate(redirect_url=None): form = AuthenticationForm() - if form.id.validate(): - - project_id = form.id.data - - redirect_url = redirect_url or url_for("list_bills", project_id=project_id) - project = Project.query.get(project_id) - if not project: - return redirect(url_for("create_project", project_id=project_id)) + project_id = form.id.data - # if credentials are already in session, redirect - if project_id in session and project.password == session[project_id]: - return redirect(redirect_url) + redirect_url = redirect_url or url_for("list_bills", project_id=project_id) + project = Project.query.get(project_id) + if not project: + return redirect(url_for("create_project", project_id=project_id)) - # else process the form - if request.method == "POST": - if form.validate(): - if not form.password.data == project.password: - form.errors['password'] = ["The password is not the right one"] - else: - session[project_id] = form.password.data - session.update() - return redirect(redirect_url) + # if credentials are already in session, redirect + if project_id in session and project.password == session[project_id]: + return redirect(redirect_url) + + # else process the form + if request.method == "POST": + if form.validate(): + if not form.password.data == project.password: + form.errors['password'] = ["The password is not the right one"] + else: + session[project_id] = form.password.data + session.update() + return redirect(redirect_url) return render_template("authenticate.html", form=form) @@ -68,8 +66,8 @@ def create_project(): @app.route("/quit") def quit(): # delete the session - session = None - return redirect( url_for("home") ) + session.clear() + return redirect(url_for("home")) @app.route("//invite") @requires_auth
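Review bot: `session[project_id] = form.password.data` in `authenticate` puts the project password itself into the session, and the check `project.password == session[project_id]` implies the password is also stored unhashed on the `Project` row. The commit message describes the session as cookie-backed; if that cookie is signed but not encrypted, the password is readable by anyone who obtains the cookie. Storing a hash on the model, verifying with `check_password_hash(project.password, form.password.data)`, and keeping only a non-secret marker in the session would avoid both exposures, though that also touches the model and whatever `requires_auth` checks, which are outside this hunk. Separately, with the `form.id.validate()` guard gone, `project_id` may be empty when it reaches `url_for("list_bills", project_id=project_id)`, so a guard such as `if not project_id: return redirect(url_for("home"))` may be worth adding before that line.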
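Review bot: The comment `# delete the session` in `quit` does not record why `session.clear()` is required, and that reasoning now lives only in the commit message, so a later cleanup could reintroduce a logout that silently leaves credentials in the cookie. I would replace it with `# clear() empties the session in place so the cookie is rewritten; assigning None to the name does not invalidate it`. Since sessions are keyed per project (`session[project_id]` in `authenticate`), it is also worth stating that this drops the credentials for every project at once. The route is registered without `methods=`, so it presumably answers GET and can be triggered by a cross-site request; consider `@app.route("/quit", methods=["POST"])` if the templates can submit a form.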