Hello, I don''t think this is something which has already been answered. Using, for example Restful authentication, sessions can time-out resulting in an authentication screen being shown. The original URI is normally saved and redirected to upon a successful authentication with something like this: session[:return_to] = request.request_uri ... authentication happens; subsequently ... redirect_to(session[:return_to] || default) However if the original request was a POST the original body is going to be lost. Has anyone got a solution which preserves the whole of the original request so the authentication process becomes transparent? Thanks James. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Why would you want to repost a POST request? If the original URI was a data entry form, are you going to repost the same data back to the controller? Session time outs are for security. The end user can afford to go through a few clicks to get back to what he/she was doing in the first place. It is a minor inconvenience for letting your session expire. On Apr 6, 2:23 pm, JamesKay <james....-vJl/D9B02w+akBO8gow8eQ@public.gmane.org> wrote:> Hello, > > I don''t think this is something which has already been answered. > > Using, for example Restful authentication, sessions can time-out > resulting in an authentication screen being shown. The original URI is > normally saved and redirected to upon a successful authentication with > something like this: > > session[:return_to] = request.request_uri > > ... authentication happens; subsequently ... > > redirect_to(session[:return_to] || default) > > However if the original request was a POST the original body is going > to be lost. Has anyone got a solution which preserves the whole of > the original request so the authentication process becomes > transparent? > > Thanks > James.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Apr 6, 4:23 am, JamesKay <james....-vJl/D9B02w+akBO8gow8eQ@public.gmane.org> wrote:> Hello, > > I don''t think this is something which has already been answered. > > Using, for example Restful authentication, sessions can time-out > resulting in an authentication screen being shown. The original URI is > normally saved and redirected to upon a successful authentication with > something like this: > > session[:return_to] = request.request_uri > > ... authentication happens; subsequently ... > > redirect_to(session[:return_to] || default) > > However if the original request was a POST the original body is going > to be lost. Has anyone got a solution which preserves the whole of > the original request so the authentication process becomes > transparent? > > Thanks > James.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Theres a couple of ways you can do this .... The easiest of course making your session so it doesnt expire :) or Depending on how much data you were trying to retain you could set a new cookie with the data when editing even though the session would expire/be removed the cookie should remain. (provided you save to the cookie before trying to log a user out) then upon re-logging in check the cookie, and ask the user if he/she wants to carry on editing. if they select yes load the cookie data into the post. If your dealing with sat a text area with lots of text then you would not be able to store it all in the cookie but could store a pointer such as an artice_id and use memcache to store the text. Consider also using a periodic ajax request to save a draft which is set to run at lesser intervals to your session timeout, this is what sites such as gmail do. Or even easier use the ajax call to keep pinging the server when on such a critical page and that way it will keep you logged in. Adam On Apr 6, 9:23 pm, JamesKay <james....-vJl/D9B02w+akBO8gow8eQ@public.gmane.org> wrote:> Hello, > > I don''t think this is something which has already been answered. > > Using, for example Restful authentication, sessions can time-out > resulting in an authentication screen being shown. The original URI is > normally saved and redirected to upon a successful authentication with > something like this: > > session[:return_to] = request.request_uri > > ... authentication happens; subsequently ... > > redirect_to(session[:return_to] || default) > > However if the original request was a POST the original body is going > to be lost. Has anyone got a solution which preserves the whole of > the original request so the authentication process becomes > transparent? > > Thanks > James.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for your comments. "Why would you want to repost a POST request?" Because I don''t want the end user to have to do a few more clicks; browsers sometimes forget what you told them, or users have "finger trouble" when presented with a request to repeat themselves. As far as the user is concerned they just sent the only copy of their latest novel to us and they''d rather not re-key it. "Session time outs are for security." Yes, and so I''d like them to be relatively short and this has the potential to be inconvenient if we forget their POST data. Thanks again James On Apr 6, 1:48 pm, Mukund <marut...-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:> Why would you want to repost a POST request? If the original URI was > a data entry form, are you going to repost the same data back to the > controller? Session time outs are for security. The end user can > afford to go through a few clicks to get back to what he/she was doing > in the first place. It is a minor inconvenience for letting your > session expire. > > On Apr 6, 2:23 pm, JamesKay <james....-vJl/D9B02w+akBO8gow8eQ@public.gmane.org> wrote: > > > Hello, > > > I don''t think this is something which has already been answered. > > > Using, for example Restful authentication, sessions can time-out > > resulting in an authentication screen being shown. The original URI is > > normally saved and redirected to upon a successful authentication with > > something like this: > > > session[:return_to] = request.request_uri > > > ... authentication happens; subsequently ... > > > redirect_to(session[:return_to] || default) > > > However if the original request was a POST the original body is going > > to be lost. Has anyone got a solution which preserves the whole of > > the original request so the authentication process becomes > > transparent? > > > Thanks > > James.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Yes, I could use a temporary store (memcache or a activerecord would both do) for the data and add a reference of some sort to that data into my session. Solutions which do intermediate "pings" of some form don''t seem that elegant to me; much better to avoid the need to handle these (and their effect on system load) by assuming sessions do time out from time to time just before a POST. However what I am looking for is a neat way to wrap up the re- submission of that data out of the temporary store so it''s transparent to most of my application. For example the full set of POSTed parameters should become available again in the params object when I''ve authenticated. On Apr 7, 11:42 am, sideshow <adam.jonesdes...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Theres a couple of ways you can do this .... > The easiest of course making your session so it doesnt expire :) or > Depending on how much data you were trying to retain you could set a > new cookie with the data when editing > even though the session would expire/be removed the cookie should > remain. (provided you save to the cookie before trying to log a user > out) > then upon re-logging in check the cookie, and ask the user if he/she > wants to carry on editing. if they select yes load the cookie data > into the post. > If your dealing with sat a text area with lots of text then you would > not be able to store it all in the cookie but could store a pointer > such as an artice_id and use memcache to store the text. > Consider also using a periodic ajax request to save a draft which is > set to run at lesser intervals to your session timeout, this is what > sites such as gmail do. > Or even easier use the ajax call to keep pinging the server when on > such a critical page and that way it will keep you logged in. > > Adam > > On Apr 6, 9:23 pm, JamesKay <james....-vJl/D9B02w+akBO8gow8eQ@public.gmane.org> wrote: > > > Hello, > > > I don''t think this is something which has already been answered. > > > Using, for example Restful authentication, sessions can time-out > > resulting in an authentication screen being shown. The original URI is > > normally saved and redirected to upon a successful authentication with > > something like this: > > > session[:return_to] = request.request_uri > > > ... authentication happens; subsequently ... > > > redirect_to(session[:return_to] || default) > > > However if the original request was a POST the original body is going > > to be lost. Has anyone got a solution which preserves the whole of > > the original request so the authentication process becomes > > transparent? > > > Thanks > > James.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Apr 8, 2008, at 3:51 AM, JamesKay wrote:> > Yes, I could use a temporary store (memcache or a activerecord would > both do) for the data and add a reference of some sort to that data > into my session. > > Solutions which do intermediate "pings" of some form don''t seem that > elegant to me; much better to avoid the need to handle these (and > their effect on system load) by assuming sessions do time out from > time to time just before a POST. > > However what I am looking for is a neat way to wrap up the re- > submission of that data out of the temporary store so it''s transparent > to most of my application. For example the full set of POSTed > parameters should become available again in the params object when > I''ve authenticated.could you just pass the full params object to memcache/active record before logout. That way you dont have to wrap anything. ie/ require ''memcache'' #just before system redirects user to logout if session has expired user_id = YOUR_USER_ID cache = MemCache.new ''localhost:11211'' cache.set(user_id, params) #when you log back in you can se params programatically as follows user_id = YOUR_USER_ID params = cache.get(user_id) # you might want to filter some of it out by setting params[:whatever] = nil --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Phillip Koebbe
2008-Apr-08 01:09 UTC
Re: Preserving POST request body across authentication
I have not yet had to do this in Rails, but I did something similar in
PHP last year. I was using Smarty as the template engine, so I assigned
all of the parameters to the smarty object then called a smarty template
that built a form of hidden elements and submitted it. The code looked
like
$form_action = "parent.php?action=search";
$form_inputs[] = array("name" => "player_id",
"value" =>
$player_id);
$form_inputs[] = array("name" =>
"search_lname", "value" =>
$lname);
$form_inputs[] = array("name" =>
"search_fname", "value" =>
$fname);
$form_inputs[] = array("name" =>
"search_email", "value" =>
$email);
$smarty->assign(''form_action'', $form_action);
$smarty->assign(''form_inputs'', $form_inputs);
$smarty->display(''lib/resubmit_form.tpl'');
and the template
<html>
<body onload="aform.submit()">
<form name="aform" method="post"
action="{$form_action}">
{foreach from=$form_inputs item=form_input}
<input type="hidden" name="{$form_input.name}"
value="{$form_input.value}">
{/foreach}
</form>
</body>
</html>
Though it''s not Rails, maybe it will help you get closer to solving
your
problem. I''m sure that I''ll need to port this to Rails at
some point,
but it hasn''t happened yet.
Peace,
Phillip
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Julian Leviston
2008-Apr-08 04:06 UTC
Re: Preserving POST request body across authentication
Or, you could yaml-ize it into a hidden form input field. Julian. Learn Ruby on Rails! Check out the FREE VIDS (for a limited time) VIDEO #3 out NOW! http://sensei.zenunit.com/ On 08/04/2008, at 9:38 AM, Adam Jones wrote:> > > On Apr 8, 2008, at 3:51 AM, JamesKay wrote: > >> >> Yes, I could use a temporary store (memcache or a activerecord would >> both do) for the data and add a reference of some sort to that data >> into my session. >> >> Solutions which do intermediate "pings" of some form don''t seem that >> elegant to me; much better to avoid the need to handle these (and >> their effect on system load) by assuming sessions do time out from >> time to time just before a POST. >> >> However what I am looking for is a neat way to wrap up the re- >> submission of that data out of the temporary store so it''s >> transparent >> to most of my application. For example the full set of POSTed >> parameters should become available again in the params object when >> I''ve authenticated. > > > could you just pass the full params object to memcache/active record > before logout. > That way you dont have to wrap anything. > > ie/ > > > require ''memcache'' > > #just before system redirects user to logout if session has expired > user_id = YOUR_USER_ID > cache = MemCache.new ''localhost:11211'' > cache.set(user_id, params) > > #when you log back in you can se params programatically as follows > user_id = YOUR_USER_ID > params = cache.get(user_id) > > # you might want to filter some of it out by setting params[:whatever] > = nil > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Adam, thanks. I think serialising the params object into my store, remembering a reference to them, and then params something.get(user_id) looks like the neatest thing. James. On Apr 8, 12:38 am, Adam Jones <adam.jonesdes...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Apr 8, 2008, at 3:51 AM, JamesKay wrote: > > > > > Yes, I could use a temporary store (memcache or a activerecord would > > both do) for the data and add a reference of some sort to that data > > into my session. > > > Solutions which do intermediate "pings" of some form don''t seem that > > elegant to me; much better to avoid the need to handle these (and > > their effect on system load) by assuming sessions do time out from > > time to time just before a POST. > > > However what I am looking for is a neat way to wrap up the re- > > submission of that data out of the temporary store so it''s transparent > > to most of my application. For example the full set of POSTed > > parameters should become available again in the params object when > > I''ve authenticated. > > could you just pass the full params object to memcache/active record > before logout. > That way you dont have to wrap anything. > > ie/ > > require ''memcache'' > > #just before system redirects user to logout if session has expired > user_id = YOUR_USER_ID > cache = MemCache.new ''localhost:11211'' > cache.set(user_id, params) > > #when you log back in you can se params programatically as follows > user_id = YOUR_USER_ID > params = cache.get(user_id) > > # you might want to filter some of it out by setting params[:whatever] > = nil--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---