Hey all! Is anyone using Rodauth's Redirect to original page after login functionality to redirect users after creating an account? In the case of a signed out user attempting to access a protected resource, this feature does appear to correctly redirect the user back to that protected resource after signing in. I was hoping to do the same for new users in terms of redirecting them back to the protected resource after they create an account. However, as best I can tell, I'm still in the process of debugging to see if I can track this down to something in Rails vs Rodauth vs Rodauth-rails, but in the meantime, I was hoping someone might have this working already!
To prevent session fixation attacks, the session will get reset when the user is autologged in after account creation, which includes the login redirect session key. The login feature explicitly caches the value in an instance variable so that after login it can redirect to that page (as login will clear the session). However, the autologin after account creation doesn't reuse this code.

You should be able to do something like:

```ruby
before_create_account { @saved_create_account_redirect = remove_session_value(login_redirect_session_key) }
create_account_redirect { @saved_create_account_redirect || super() }
```
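A simplified model of the behaviour described in the answer above, added here as an illustration; it is not part of the original discussion and not Rodauth's own code. `SessionStore`, `REDIRECT_KEY`, `signup_flow` and the two `autologin_*` methods are hypothetical names, and the session data is constructed.

```ruby
require "securerandom"

# Simplified model (an assumption, not Rodauth's implementation) of a session store.
class SessionStore
  def initialize
    @sessions = {}
  end

  def create
    sid = SecureRandom.hex(16)
    @sessions[sid] = {}
    sid
  end

  def fetch(sid)
    @sessions[sid]
  end

  # Session fixation defence: drop the pre-login id together with all of its
  # data, then issue a fresh id for the authenticated session.
  def reset(sid)
    @sessions.delete(sid)
    create
  end
end

REDIRECT_KEY = "login_redirect" # constructed key name for this model

# Autologin that reads the redirect after the reset: the value is already gone.
def autologin_without_cache(store, sid, account_id, default: "/")
  new_sid = store.reset(sid)
  store.fetch(new_sid)["account_id"] = account_id
  [new_sid, store.fetch(new_sid)[REDIRECT_KEY] || default]
end

# Autologin that saves the redirect before the reset, like the hooks above.
def autologin_with_cache(store, sid, account_id, default: "/")
  saved = store.fetch(sid).delete(REDIRECT_KEY) # read and remove before reset
  new_sid = store.reset(sid)
  store.fetch(new_sid)["account_id"] = account_id
  [new_sid, saved || default]
end

# Constructed scenario: an anonymous visitor hits a protected page, then signs up.
def signup_flow(method_name)
  store = SessionStore.new
  old_sid = store.create
  store.fetch(old_sid)[REDIRECT_KEY] = "/reports/42"
  new_sid, redirect = send(method_name, store, old_sid, 7)
  { redirect: redirect, old_sid_valid: !store.fetch(old_sid).nil?, rotated: new_sid != old_sid }
end
```

In both variants the pre-login session id stops being valid, so the fixation defence is unchanged; only the variant that saves the value first still redirects to the requested page.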