I have a Ruby on Rails app that has a signup page. Different pages redirect to the signup page and need to set another page to redirect to after the signup is complete. What is the best way to do this? I'm currently doing this:

link_to 'Sign up', '/signup?redirect=/blah/page6'

...and getting the redirect variable in the signup controller and using that to set the after signup page. I'm worried that this may cause some security issues, but I'm not really sure.

Is this acceptable or is there a better way?

+5  A: 

I use these 2 methods to help with this in my application_controller.rb:

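# Remember where to send the user once signup completes.
# The value is taken directly from the ?redirect= query parameter.
def store_location
  session[:return_to] = params[:redirect]
end

# Redirect to the stored location (or the given default), then clear it.
def redirect_back_or_default(default)
  redirect_to(session[:return_to] || default)
  session[:return_to] = nil
end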

When they reach the signup page, just run store_location, and when it's finished and complete, use the redirect_back_or_default method.

(Of course modify this to your liking)

Garrett
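
The `store_location` method in the answer above keeps `params[:redirect]` exactly as it arrives in the query string, which is the security concern the question raises: the post-signup target is whatever the link supplied. The following is an added example, not part of the original answer, that filters the value down to a same-site path before it is stored. `SafeReturnTo` and `SignupFlow` are hypothetical names, and `params` and `session` are plain hashes so the block runs outside Rails.

```ruby
require "uri"

# Hypothetical helper: returns a same-site path safe for redirect_to, else default.
module SafeReturnTo
  def self.sanitize(raw, default = "/")
    return default unless raw.is_a?(String) && !raw.empty? && raw.valid_encoding?
    # Control characters and backslashes are normalised differently by browsers
    return default if raw.match?(/[\x00-\x1f\x7f\\]/)
    # Must be an absolute path on this site; "//host" is scheme-relative
    return default unless raw.start_with?("/") && !raw.start_with?("//")

    uri = URI.parse(raw)
    # A scheme, host or userinfo means the target is off-site
    return default if uri.scheme || uri.host || uri.userinfo

    # Rebuild from parsed parts so only path and query survive
    uri.query ? "#{uri.path}?#{uri.query}" : uri.path
  rescue URI::InvalidURIError
    default
  end
end

# The two methods from the answer, with the parameter filtered on the way in.
# Constructed stand-in for a controller: plain hashes replace params/session.
class SignupFlow
  attr_reader :session

  def initialize(params)
    @params = params
    @session = {}
  end

  def store_location
    # nil default: a rejected value stores nothing, so the caller's default wins
    @session[:return_to] = SafeReturnTo.sanitize(@params[:redirect], nil)
  end

  # Returns the chosen target; a real controller would pass it to redirect_to
  def redirect_back_or_default(default)
    @session.delete(:return_to) || default
  end
end
```

In a Rails controller the same `sanitize` call would sit inside `store_location`, leaving `redirect_back_or_default` as written in the answer.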
+1  A: 

Have you used a plugin/gem for authentication? I suggest Clearance or Devise if you haven't. Clearance redirects you to 'where you came from' automagically, and both are as secure as the hundreds of devs who are working on them and using them have let them become (so that means pretty secure).

Right now I prefer Devise having said all that.

Garrett's solution looks like it comes from Restful authentication, which is another good authentication plugin.

pjammer
Yeah, I'm using restful authentication
NotDan
Most likely, it's just a snippet of code that I have gathered into my now pretty robust `application_controller.rb` that I have found useful. Although I do use this with Authlogic, just using the `before_filter` will trigger this automatically for me.
Garrett