This is mainly because 301 is cacheable whereas 303 (See other) isn't.
The redirect response given by the app when trying to connect to a project
(via /project_name) while not authenticated was to permanently redirect to
/authenticate.
Once authenticated, the browser was redirected to the /project_name, that was
cached, leading to an endless loop.
303 see other allows to solve this problem.
The project is now directly added to the context local g object, and injected on the fly into the urls that need it.
This commits also add ideas found while reading the flask documentation. The project can be enhanced in many ways, some ideas are stated there.
(Fred, is there a reason why you're using form.id.validate()? Doesn't seem to be defined in here.
Also properly deletes the session using session.clear rather than session = None.
As session is an observable object, if it is updated to None, the session will *not* be invalided at the end of the request. Instead, you have to call clear() which will clear its members so the cookie will be updated accordingly at the end of the request.
* web.py contains the controllers (also called views) + url definitions
* models.py contains the models
* forms.py contains the forms
* utils.py contains a set of utility fonctions to ease the dev. process