Hey all, Recently I''ve been looking into on how to return back to a previous referring URL and and the most common approach is: redirect_to session[:return_to] But some recommend: redirect_to(session.delete(:return_to) || default) How I understand it, in the second example we call session.delete so it will clear the return path since we will no longer need it, and we also use || to fall back to default URL in case the session is nil. Kind of makes sense, but what I am trying to understand is (and I couldn''t find it anywhere explained) what are the implications of -not- using session.delete, how is it better, is it a security thing? And also falling back to default, in what cases can a session be nil? If there are other checks present (I am using Devise) should this be necessary? Hope my questions make sense. Thank you. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/t2Zxt8NP4hYJ. For more options, visit https://groups.google.com/groups/opt_out.
Jordon Bedwell
2013-Jan-18 13:12 UTC
Re: redirect_to(session[:return_to]) vs session.delete
On Thu, Jan 17, 2013 at 7:37 PM, Alex M <zapper-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Recently I''ve been looking into on how to return back to a previous > referring URL and and the most common approach is: > > redirect_to session[:return_to] > But some recommend: > redirect_to(session.delete(:return_to) || default) > > How I understand it, in the second example we call session.delete so it will > clear the return path since we will no longer need it, and we also use || to > fall back to default URL in case the session is nil. Kind of makes sense, > but what I am trying to understand is (and I couldn''t find it anywhere > explained) what are the implications of -not- using session.delete, how is > it better, is it a security thing? And also falling back to default, in what > cases can a session be nil? If there are other checks present (I am using > Devise) should this be necessary? > > Hope my questions make sense. Thank you.If you are on Rails 3 use redirect_to(:back)... if you are not then the only real implication is having trash hanging around in your cookie storage (if you use cookie storage.) for db storage it''s meh on the space used because it''s most of the time trivial but it still leaves a dirty session. So at the end of the day it depends on how thorough of a programmer you want to be. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.