User redirected to "wrong" page after sign_in.
72 views
Skip to first unread message
sreid
Apr 22, 2012, 12:31:56 PM4/22/12
to Devise
I found a (minor) issue with devise when writing some integration
tests.
- try to read an authenticated page : page1
- redirected to sign_in page, but don't sign_in
- read public (non-authenticated) page : page2
- sign_in
- redirected to page1 not page2
I tried it manually in the browser too, and got the same result.
I think it's related to the session variable "user_return_to" which is
updated by store_location! in failure_app.rb. I suspect
it only updates "user_return_to" after a failed attempt to access an
authenticated page.
This means after sign_in, the user is redirected to the last page he
failed to access, not the last page he accessed.
Is this how devise is intended to work ? If yes, how would I override
it ?
tests.
- try to read an authenticated page : page1
- redirected to sign_in page, but don't sign_in
- read public (non-authenticated) page : page2
- sign_in
- redirected to page1 not page2
I tried it manually in the browser too, and got the same result.
I think it's related to the session variable "user_return_to" which is
updated by store_location! in failure_app.rb. I suspect
it only updates "user_return_to" after a failed attempt to access an
authenticated page.
This means after sign_in, the user is redirected to the last page he
failed to access, not the last page he accessed.
Is this how devise is intended to work ? If yes, how would I override
it ?
sreid
Apr 22, 2012, 6:59:32 PM4/22/12
to Devise
For now I did a work-around using a before_filter in my
application_controller which calls :
def devise_hack!
session["user_return_to"] = request.path if request.get?
end
application_controller which calls :
def devise_hack!
session["user_return_to"] = request.path if request.get?
end
Carlos Antonio da Silva
Apr 22, 2012, 7:03:46 PM4/22/12
to plataforma...@googlegroups.com
Yeah, that's the intended behavior, because the saving occurs when a failure in authentication happens, to redirect the user back to the attempted page after sign in.
At.
Carlos Antonio
sreid
Apr 23, 2012, 4:12:25 AM4/23/12
to Devise
I modified my fix above to :
session["user_return_to"] = request.path if request.get? and !
(request.path == new_user_session_path)
This returns to the user to the last page he tried to get, which is
most likely what he wanted, and could be better than the current
behaviour.
session["user_return_to"] = request.path if request.get? and !
(request.path == new_user_session_path)
This returns to the user to the last page he tried to get, which is
most likely what he wanted, and could be better than the current
behaviour.
Carlos Antonio da Silva
Apr 23, 2012, 7:40:40 AM4/23/12
to plataforma...@googlegroups.com
Great, thanks :)
At.
Carlos Antonio
sreid
Apr 23, 2012, 8:07:50 AM4/23/12
to Devise
Could the devise gem be changed to provide the above behaviour, or is
there some downside I've overlooked ?
there some downside I've overlooked ?
Carlos Antonio da Silva
Apr 23, 2012, 8:24:37 AM4/23/12
to plataforma...@googlegroups.com
Hmm, I don't think so, this requirement changes from application to application, so it's probably better to override the return_to url when required to force the redirect to a public path, than forcing devise to always do that. This may not be required in some circumstances.
At.
Carlos Antonio
Reply all
Reply to author
Forward
0 new messages