0

When logout is clicked I want to redirect back to the page the user was on unless that page requires a user to be logged in.

scenario 1 - "back" requires a user 1) User clicks logout from user account page 2) redirected (ultimately) to root_path

scenario 2 - "back" does not require a user 1) User clicks logout from (not user required) events page 2) redirected (ultimately) to events_path

It's been suggested I update my before_filter :require_use method to be something like this:

  def require_user
    unless current_user
      flash[:notice] = "You must be logged in to view this page"
      redirect_to user_coming_from_logout_method? root_path : login_path
    end 
  end

Except I've been unable to define #user_coming_from_logout_method?

One might think that it is simply:

request.referrer == "/logout"

But in the above example request.referrer actually == "/user_account", not the intermediate logout method. Very weird, I know.

Suggestions?

jsharpe
  • 2,546
  • 3
  • 26
  • 42

1 Answers1

0

I don't think you can rely on the browser to set the referrer on a redirect. This thread discusses that issue in some detail.

Maybe set something in session in the logout controller, which you test for and then clear in the require_user method?

Community
  • 1
  • 1
zetetic
  • 47,184
  • 10
  • 111
  • 119
  • dont think this would work for scenario 2 -- in that case the user never hits the #require_user method and therefore this session thing would never be cleared. It'd be left dangling and probably result in something unexpected down the line. – jsharpe Aug 23 '10 at 13:14
  • ..unless you also have a `require_no_user` method? – zetetic Aug 23 '10 at 16:25
  • doesn't that imply that every method must either require_user or require_no_user? that's not the case. I suppose I could add an after_filter to clear the session thing -- that's epic overkill though. – jsharpe Aug 23 '10 at 19:19
  • Good point... it's not quite as simple a problem as it appears at first glance – zetetic Aug 23 '10 at 19:46