"Agile Web Development with Rails" discusses a friendlier login system. Basically, if a user follows a link on Page A to Page B and Page B is login-protected, my understanding is that the user would be diverted to the login page. Upon successfully completing the login page, the user is automatically sent directly to Page B which was his original destination. My question is this: Suppose that Page A were a form which supplied post data to Page B. Does Rails preserve the form data across the intervening Login page so that it''s available to Page B? I am very curious as to how Rails handles this situation. I fully realize that this hypothetical is very unlikely to arise in practice and there are many available work-arounds. Putting those aside, I''m just interested in knowing how Rails handles this situation. Thanks for any input. ... doug -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On Apr 27, 2012, at 12:40 PM, doug wrote:

> "Agile Web Development with Rails" discusses a friendlier login
> system. Basically, if a user follows a link on Page A to Page B and
> Page B is login-protected, my understanding is that the user would be
> diverted to the login page. Upon successfully completing the login
> page, the user is automatically sent directly to Page B which was his
> original destination.
>
> My question is this: Suppose that Page A were a form which supplied
> post data to Page B. Does Rails preserve the form data across the
> intervening Login page so that it's available to Page B? I am very
> curious as to how Rails handles this situation.

Not aware of any examples like this. Usually (following the REST pattern) you would first GET to Page B, then if it needed any data POSTed to it, it would display a form. Then your POST would also be to Page B, and the request method would differentiate the two at the controller/routing level. What usually gets saved in the session is the URL of the page that's requesting authentication, and nothing more about that request.

Walter

> I fully realize that this hypothetical is very unlikely to arise in
> practice and there are many available work-arounds. Putting those
> aside, I'm just interested in knowing how Rails handles this
> situation.
>
> Thanks for any input.
>
> ... doug

Doug Jolley wrote in post #1058675:

> "Agile Web Development with Rails" discusses a friendlier login
> system. Basically, if a user follows a link on Page A to Page B and
> Page B is login-protected, my understanding is that the user would be
> diverted to the login page. Upon successfully completing the login
> page, the user is automatically sent directly to Page B which was his
> original destination.
>
> My question is this: Suppose that Page A were a form which supplied
> post data to Page B. Does Rails preserve the form data across the
> intervening Login page so that it's available to Page B? I am very
> curious as to how Rails handles this situation.

You should not think in terms of pages as in traditional web navigation. Instead think about the routes and controllers. In Rails, a route maps to a controller action method. The page is subsequently rendered, almost as a side-effect, of calling the controller action.

To directly answer your question, no Rails will not automatically preserve the params through the redirect. You would have to do that yourself.

However, the scenario you presented is itself somewhat broken. You would not want to protect the action that responds to the form submission (create or update) without protecting the action used to present the form (new or edit). Now the redirect to the login page would happen before the desired destination form is ever presented, effectively preventing the issue that you're questioning.

There is a legitimate and common edge case for this. Many sites have a timeout, so suppose the user is logged in, pulls up a form, then goes to lunch. After lunch they fill out the form and hit submit. Ideally they should be asked for a password, then the form should be submitted seamlessly.

I'd suggest using the Devise gem and not reinventing a login system.

On Tue, May 1, 2012 at 10:37 AM, Robert Walker <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:

> Doug Jolley wrote in post #1058675:
>> "Agile Web Development with Rails" discusses a friendlier login
>> system. Basically, if a user follows a link on Page A to Page B and
>> Page B is login-protected, my understanding is that the user would be
>> diverted to the login page. Upon successfully completing the login
>> page, the user is automatically sent directly to Page B which was his
>> original destination.
>>
>> My question is this: Suppose that Page A were a form which supplied
>> post data to Page B. Does Rails preserve the form data across the
>> intervening Login page so that it's available to Page B? I am very
>> curious as to how Rails handles this situation.
>
> You should not think in terms of pages as in traditional web navigation.
> Instead think about the routes and controllers. In Rails, a route maps
> to a controller action method. The page is subsequently rendered, almost
> as a side-effect, of calling the controller action.
>
> To directly answer your question, no Rails will not automatically
> preserve the params through the redirect. You would have to do that
> yourself.
>
> However, the scenario you presented is itself somewhat broken. You would
> not want to protect the action that responds to the form submission
> (create or update) without protecting the action used to present the
> form (new or edit). Now the redirect to the login page would happen
> before the desired destination form is ever presented, effectively
> preventing the issue that you're questioning.
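
Added example, not part of any message in this thread and not Rails' or Devise's own code: a plain-Ruby model of the two cases discussed above, the URL-only "return to" stored for a GET and a do-it-yourself stash of form fields for a POST that arrives after the session has timed out. It re-presents the form with the fields filled in rather than replaying the POST; Request, AuthGate, the session keys, the 600-second expiry and the /new route convention are all assumptions made for the illustration.

```ruby
# Added example (not from the thread): plain-Ruby model of the flow, no Rails.
# Request, AuthGate and the session keys are hypothetical names; the Hash
# stands in for the server-side session.
Request = Struct.new(:verb, :path, :params)

class AuthGate
  STASH_TTL = 600 # seconds a stashed form stays valid (assumed value)

  def initialize(session, permitted_keys)
    @session = session
    @permitted = permitted_keys
  end

  # Runs before a protected action: :ok, or a redirect to the login page.
  def authorize(req, now: Time.now)
    return :ok if @session[:user_id]
    if req.verb == "GET"
      # The usual pattern: remember only the URL that asked for authentication.
      @session[:return_to] = req.path
    else
      # Doing it yourself: keep only permitted fields, with an expiry.
      fields = req.params.select { |key, _| @permitted.include?(key) }
      @session[:stashed_form] = { path: req.path, fields: fields, expires: now + STASH_TTL }
    end
    [:redirect, "/login"]
  end

  # Runs after the password check succeeds. Returns the redirect target and
  # fields to pre-fill; the POST itself is never replayed automatically.
  def after_login(user_id, now: Time.now)
    @session[:user_id] = user_id
    stash = @session.delete(:stashed_form)
    return_to = @session.delete(:return_to)
    if stash && stash[:expires] > now
      [:redirect, form_path_for(stash[:path]), stash[:fields]]
    else
      [:redirect, return_to || "/", {}]
    end
  end

  private

  # Assumed route convention: POST /orders pairs with the form at /orders/new.
  def form_path_for(post_path)
    "#{post_path}/new"
  end
end
```

Because the user submits the pre-filled form again, the second POST goes through the application's normal request checks under the new login.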