Age Verify

Is this the best way to do this?

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:age] == true
  end

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view: <%= button_to "Enter", { :action => "adult" } %>

What is preventing someone from doing a fake POST request on the adult action?

Adding session[:check] to the view

<% session[:check] == true %> <% button_to ........ %>

and an if statement to the ApplicationController does not seem like a good solution. This RESTful design has been posing many problems for me. Is there something I'm missing about it? Why is it *so* good? It just makes everything impossible to program for.

This seems to work. Is this what I should be doing with my excess REST actions???

module ApplicationHelper
  def checked
    session[:check] == true
  end
end

Scratch that, it didn't work.


edberner wrote:



bump bumpity

Sorry about that. I thought I had had it well explained. The problem is I don't know where to set session[:checked] for when we know the user has been to the check page. Setting it in the view seems to not be functional, as does throwing a method into the helper. This is the functionality I want:

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:adult] == true
  end

  def adult
    # a method from a form on the page that sets the session[:checked]
    # (just makes sure the user has in fact been to that page)
    if session[:checked] == true # how do i set this to *be* true???
      session[:adult] = true
    end
  end
end

Ok. As it stands I have a <% unless session[:adult] %> PAGE <%else %> actual <%=yield%>content <%end%>

set up in my application.html.erb. Is this not a good idea? Where should I check template?

I guess I'm not making myself clear. I am using a before_filter and everything works fine. However, my code is not secure. Should someone go make a PUT request to /controller/adult they would be verified as an adult without seeing the page I want them to see before that. That's the page I want to put the session[:checked] on. And currently that page lives in an unless statement.

I understand that too, but now I can't make a request to adult to set session[:adult] true. This is so frustrating. Thanks for your help.

Ok. I can't make it any simpler than this. I'm saying across the whole site, if the user has not seen this one page (the first part of that unless statement), they can't get to the rest of the page and are consequently redirected to that page.
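The flow asked about in this thread, as an added example that is not part of the original posts: session[:checked] is set in the controller action that serves the gate page (not in the view or a helper), the gate actions are exempt from the filter, and the adult action refuses unless the page was served first. It is a plain-Ruby simulation so it runs without Rails; AgeGate, request, age_check and home are hypothetical names.

```ruby
# Added example: simulates the controller flow with a Hash as the session.
class AgeGate
  ACTIONS      = [:age_check, :adult, :home].freeze # only these are routable
  GATE_ACTIONS = [:age_check, :adult].freeze        # skipped by the filter

  attr_reader :session

  def initialize
    @session = {} # stands in for the server-side/signed Rails session
  end

  # Dispatch one request: allow-list the action, run the filter, then act.
  def request(verb, action)
    return [:not_found, action] unless ACTIONS.include?(action)
    unless GATE_ACTIONS.include?(action) || adult?
      return [:redirect, :age_check] # the before_filter: send to the gate
    end
    send(action, verb)
  end

  private

  def adult?
    session[:adult] == true
  end

  # GET: serves the gate page. The flag is set here because this code
  # runs only when the page is actually rendered for this session.
  def age_check(_verb)
    session[:checked] = true
    [:render, :age_check]
  end

  # POST from the "Enter" button. A direct request with no prior gate
  # page view (no session[:checked]) is bounced back to the gate.
  def adult(verb)
    return [:redirect, :age_check] unless verb == :post && session[:checked]
    session.delete(:checked) # one-time marker
    session[:adult] = true
    [:redirect, :home]
  end

  def home(_verb)
    [:render, :home]
  end
end
```

This shows only that the gate page was served to the same session before the confirmation arrived; a client that requests the page and then posts will still pass, which is the limit of any click-through age check.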