redirect back to last get request after timeout causes extra 401 redirect
26 views
Skip to first unread message
javinto
May 15, 2013, 9:25:20 AM5/15/13
to plataforma...@googlegroups.com
Hi,
If a user submits a page (POST/PUT) after his timeout expired, he will have to login again. After that he will be redirected to the page he came from. This is done by the #store_location!() method and only works for GET requests. So, I expect to be redirect to the last :new or :edit action of the controller the Submit came from. That does not happen. The reason is that between Authorizing the submit request and the sign_in request an extra redirect takes place which is stored by #store_location!(). This is my log
Started PUT "/domains/7" for 127.0.0.1
Processing by DomainsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"PrZH7GtmPSztC5itWHuaBpousHHfprbQgLV4s+dLyAk=", "commit"=>"save", "domain"=>{"name"=>"test", "usage_type"=>"test", "blocked"=>"0"}, "id"=>"7"}
User Load (0.4ms) SELECT `people`.* FROM `people` WHERE `people`.`type` IN ('User') AND `people`.`id` = 16 ORDER BY sort_name LIMIT 1
Completed 401 Unauthorized in 2ms
# WHERE DOES THIS COME FROM?
Started GET "/domains/7" for 127.0.0.1
Processing by DomainsController#show as HTML
Parameters: {"id"=>"7"}
Completed 401 Unauthorized in 0ms
Started GET "/users/sign_in" for 127.0.0.1
Processing by Devise::SessionsController#new as HTML
....
So you see three requests where I would expect to see only two. The one in red just shows up extra. Where does it come from?
Notice that there is no "redirect to /domains/7" message in the first request what normally happens by Rails if a redirect is taking place.
In my application I use Rails 3.2.13 with Devise 2.2.4.
I normally use Devise_invitable 1.1.8 and CanCan 1.6.9 but deactived them to exclude their roles.
The minimum I test with in my Person model was: devise :database_authenticatable, :timeoutable
Any idea?
If a user submits a page (POST/PUT) after his timeout expired, he will have to login again. After that he will be redirected to the page he came from. This is done by the #store_location!() method and only works for GET requests. So, I expect to be redirect to the last :new or :edit action of the controller the Submit came from. That does not happen. The reason is that between Authorizing the submit request and the sign_in request an extra redirect takes place which is stored by #store_location!(). This is my log
Started PUT "/domains/7" for 127.0.0.1
Processing by DomainsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"PrZH7GtmPSztC5itWHuaBpousHHfprbQgLV4s+dLyAk=", "commit"=>"save", "domain"=>{"name"=>"test", "usage_type"=>"test", "blocked"=>"0"}, "id"=>"7"}
User Load (0.4ms) SELECT `people`.* FROM `people` WHERE `people`.`type` IN ('User') AND `people`.`id` = 16 ORDER BY sort_name LIMIT 1
Completed 401 Unauthorized in 2ms
# WHERE DOES THIS COME FROM?
Started GET "/domains/7" for 127.0.0.1
Processing by DomainsController#show as HTML
Parameters: {"id"=>"7"}
Completed 401 Unauthorized in 0ms
Started GET "/users/sign_in" for 127.0.0.1
Processing by Devise::SessionsController#new as HTML
....
So you see three requests where I would expect to see only two. The one in red just shows up extra. Where does it come from?
Notice that there is no "redirect to /domains/7" message in the first request what normally happens by Rails if a redirect is taking place.
In my application I use Rails 3.2.13 with Devise 2.2.4.
I normally use Devise_invitable 1.1.8 and CanCan 1.6.9 but deactived them to exclude their roles.
The minimum I test with in my Person model was: devise :database_authenticatable, :timeoutable
Any idea?
Reply all
Reply to author
Forward
0 new messages