Re: [Rails] Re: A Friendlier Login System

There is a legitimate and common edge case for this. Many sites have a
timeout, so suppose the user is logged in, pulls up a form, then goes
to lunch. After lunch they fill out the form and hit submit. Ideally
they should be asked for a password, then the form should be submitted
seamlessly.

I'd suggest using the Devise gem and not reinventing a login system.

On Tue, May 1, 2012 at 10:37 AM, Robert Walker <lists@ruby-forum.com> wrote:
> Doug Jolley wrote in post #1058675:
>> "Agile Web Development with Rails" discusses a friendlier login
>> system.  Basically, if a user follows a link on Page A to Page B and
>> Page B is login-protected, my understanding is that the user would be
>> diverted to the login page.  Upon successfully completing the login
>> page, the user is automatically sent directly to Page B which was his
>> original destination.
>>
>> My question is this:  Suppose that Page A were a form which supplied
>> post data to Page B.  Does Rails preserve the form data across the
>> intervening Login page so that it's available to Page B?  I am very
>> curious as to how Rails handles this situation.
>
> You should not think in terms of pages as in traditional web navigation.
> Instead think about the routes and controllers. In Rails, a route maps
> to a controller action method. The page is subsequently rendered, almost
> as a side-effect, of calling the controller action.
>
> To directly answer your question, no Rails will not automatically
> preserve the params through the redirect. You would have to do that
> yourself.
>
> However, the scenario you presented is itself somewhat broken. You would
> not want to protect the action that responds to the form submission
> (create or update) without protecting the action used to present the
> form (new or edit). Now the redirect to the login page would happen
> before the desired destination form is ever presented, effectively
> preventing the issue that you're questioning.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.