Newbie redirect_to :back related question

Hi,

In the course of integrating an authentication module (Authlogic) into
my Rails app, I’ve developed the following priority:

‘If the current user makes a url request for which they are
ineligible, return the user to the page from which they made their
invalid request.’

One way to get at this is with the following two methods in the
application_controller:

def store_location
session[:return_to] = request.request_uri
end

def redirect_back_or_default(default)
redirect_to(session[:return_to] || default)
session[:return_to] = nil
end

But if I wanted to guarantee that the user was redirected back to any
action from which they made an ineligible request, I would need to
call store_location for every such controller action, which is crazy.

Is there no inexpensive way that Rails will remember every last
request (without resort to session)?

My hope would be for something like:

redirect_to :back

But this is a no-go…

Lille

Lille wrote:

Hi,

In the course of integrating an authentication module (Authlogic) into
my Rails app, I’ve developed the following priority:

‘If the current user makes a url request for which they are
ineligible, return the user to the page from which they made their
invalid request.’

One way to get at this is with the following two methods in the
application_controller:

def store_location
session[:return_to] = request.request_uri
end

def redirect_back_or_default(default)
redirect_to(session[:return_to] || default)
session[:return_to] = nil
end

But if I wanted to guarantee that the user was redirected back to any
action from which they made an ineligible request, I would need to
call store_location for every such controller action, which is crazy.

Not crazy at all. Just put it in a before_filter.

Is there no inexpensive way that Rails will remember every last
request (without resort to session)?

Putting it in the session is pretty inexpensive, and probably the right
thing to do.

My hope would be for something like:

redirect_to :back

But this is a no-go…

Why?

Lille

–Â
Marnen Laibow-Koser
http://www.marnen.org
[email protected]

Sent from my iPhone

On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:

My hope would be for something like:

redirect_to :back

But this is a no-go…

Why?

Well, for one thing, you don’t always have an HTTP_REFERER (if the
user types a URL into the browser for example).

You get this nearly for free with Authlogic anyway. Just modify the
example require_user and associated code to fit your needs.

-Rob

Rob B.
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/

On Jul 2, 2010, at 12:02 PM, Lille wrote:

@Rob - Yes, I see what you’re referring to in the Authlogic example
code. I guess I can feel comforted by that…

@Marnen, @Rob - …but isn’t reliance on session expensive, e.g., if
I’ve chosen server-side ActiveRecordStore session storage?

Um, compared to what? If the work to instantiate the session from the
database, alter a value, and write it base is your bottleneck, I’d say
you have one blazingly fast application :wink:

I wouldn’t worry about that (at least no yet). You have to load the
user info (session + User model) to check the permission anyway so you
have to hit the database.

-Rob

Rob B.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
.

Rob B.
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/

@Rob - Yes, I see what you’re referring to in the Authlogic example
code. I guess I can feel comforted by that…

@Marnen, @Rob - …but isn’t reliance on session expensive, e.g., if
I’ve chosen server-side ActiveRecordStore session storage?

On Jul 2, 11:51 am, Rob B. [email protected]

On Jul 2, 2010, at 12:44 PM, Lille wrote:

unauthenticated users can use all app functionality up to a certain
point, when they have to register (a try-before-you-buy approach.)

So, under this approach I have to apply the require_user approach in a
before_filter for every action, not just those associated with a few
protected pages. This just seems like a lot of work. It’s like adding
a layer of authentication goo all over my app and unlike, preferably,
enabling authentication as a ‘switch’ to my app.

Lille

If you only put the before_filter :require_user on those controllers
(or scoped to :only => [:some, :actions]), then you only have the
overhead for the actions that really need a user. You can also use (I
think) skip_session to avoid all the session overhead when you have
absolutely no need for it.

-Rob

-Rob


[email protected] http://AgileConsultingLLC.com/
.

Rob B. http://agileconsultingllc.com
[email protected]
+1 513-295-4739
Skype: rob.biedenharn

Rob,

I see what you’re saying, esp., given your comment:

“you have to load the user info (session + User model) to check the
permission anyway so you have to hit the database”

Unlike what I sense is anticipated by the Authlogic example code, I
take the following approach in my app:

unauthenticated users can use all app functionality up to a certain
point, when they have to register (a try-before-you-buy approach.)

So, under this approach I have to apply the require_user approach in a
before_filter for every action, not just those associated with a few
protected pages. This just seems like a lot of work. It’s like adding
a layer of authentication goo all over my app and unlike, preferably,
enabling authentication as a ‘switch’ to my app.

Lille

On Jul 2, 12:20 pm, Rob B. [email protected]