better way to hide passed parameters in url than 'params.except'?

Question

I'm really confused about how rails passes parameters to GET-requests. I have a rails app with a login form. If a user wants to login with a default test user, he/she can click on a link which passes the test-email and the test-password.

The following works well:

<%= link_to "test login", login_path(:email => "test-email", :password => "test-password") %>

When this is clicked, the login pages loads with the email- and password-field prefilled.

The problem is, that both the email and the password will be shown in the url. Yesterday, this worked for me:

<%= link_to "test login", login_path(params.except(:email => "test-email", :password => "test-password")) %>

Today, without having changed the code, the parameters are not passed when I use params.except.

So, how can I ensure that the parameters will be passed but not shown in the url?

Edit: problem solved. see my answer.

Answer 1

I solved it. Added the following to my routes.rb:

get 'test_login' => 'sessions#new', :email => "the test email", :password => "the test password"

So i just can call <%= link_to "test login", test_login_path %> This will transmit the default email and password and prefill the login form, but the url will just be .../test_login

In my opinion, that's way smarter than params.except.