Forum: Ruby on Rails login redirects that maintain parameter data

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Jables (Guest)
on 2009-01-10 00:24
(Received via mailing list)
  I need some advice on something.  I have a fairly large and complex
website ( and all authentication I do is done by before
filters.  Basically  before_filter :login_required.
login_required does basic authentication and then redirects to the
root_path.  Here is the essentials from the login system code (which
is mostly taken from the beast forum):

     def login_required
      login_by_token      unless logged_in?
      login_by_basic_auth unless logged_in?
      respond_to do |format|
        format.html { redirect_to login_path }
        format.js   { render(:update) { |p| p.redirect_to
login_path } }
        format.xml  do
          headers["WWW-Authenticate"] = %(Basic realm="Beast")
          render :text => "HTTP Basic: Access denied.\n", :status
=> :unauthorized
      end unless logged_in? && authorized?

 def login_by_token
      self.current_user = User.find_by_id_and_login_key(*cookies
[:login_token].split(";")) if cookies[:login_token] and not logged_in?

      @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION
    def login_by_basic_auth
      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?
(h) }
      auth_data = request.env[auth_key].to_s.split unless
      self.current_user = User.authenticate *Base64.decode64(auth_data
[1]).split(':')[0..1] if auth_data && auth_data[0] == 'Basic'

Now here is what I want:  when a user clicks a page that requires
authentication they should be redirected to the login page, then on
successful login to the page they are going to.  If they are trying to
submit something to the site they should be redirected to login, then
their submission should go through on successful login.

Any advice on how to achieve this would be very appreciated!
Patrick D. (Guest)
on 2009-01-10 04:45
(Received via mailing list)
I would suggest taking a look at Ryan B. screencast about restful
authentication (, write a simple
application or two using restful authentication, and then walk through
code to see how it all works.  IIRC, it has support for doing just what

This topic is locked and can not be replied to.