From 6a97bfe51775ad4eecf75d22d5bad1a69eff3c35 Mon Sep 17 00:00:00 2001
From: mdipierro <massimo.dipierro@gmail.com>
Date: Fri, 5 Oct 2012 07:18:35 -0500
Subject: [PATCH] Auth use request.requires_https, thanks Yarin

---
 VERSION          | 2 +-
 gluon/globals.py | 2 +-
 gluon/tools.py   | 5 ++---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/VERSION b/VERSION
index 61521047..7ee0d384 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.0.9 (2012-10-04 21:51:53) dev
+Version 2.0.9 (2012-10-05 07:18:29) dev
diff --git a/gluon/globals.py b/gluon/globals.py
index 8bf69150..10a1e9ee 100644
--- a/gluon/globals.py
+++ b/gluon/globals.py
@@ -128,7 +128,7 @@ class Request(Storage):
         and secure the session.
         """
         if not global_settings.cronjob and not self.is_https:
-            session.forget()
+            current.session.forget()
             redirect(URL(scheme='https', args=self.args, vars=self.vars))
 
         current.session.secure()
diff --git a/gluon/tools.py b/gluon/tools.py
index b21d81c0..dc2591c4 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -1070,9 +1070,8 @@ class Auth(object):
         session = current.session
         auth = session.auth
         self.user_groups = auth and auth.user_groups or {}
-        if secure and not request.is_https:
-            session.secure()
-            redirect(URL(args=request.args,vars=request.vars,scheme='http'))
+        if secure:
+            request.requires_https()
         if auth and auth.last_visit and auth.last_visit + \
                 datetime.timedelta(days=0, seconds=auth.expiration) > request.now:
             self.user = auth.user