Age Verify

Is this the best way to do this?

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:age] == true
  end

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view:
<%= button_to "Enter", { :action => "adult" } %>

What is preventing someone from doing a fake POST request on the adult
action?

Adding session[:check] to the view

<% session[:check] == true %>
<% button_to ........ %>

and an if statement to the ApplicationController does not seem like a
good solution.
This RESTful design has been posing many problems for me. Is there
something I'm missing about it? Why is it *so* good? It just makes
everything impossible to program for.

This seems to work. Is this what I should be doing with my excess REST
actions???

module ApplicationHelper
  def checked
    session[:check] == true
  end
end

Scratch that, it didn't work.

bump

edberner wrote:

bump
  

killfile...

bump bumpity

Sorry about that.
I thought I had had it well explained.
The problem is I don't know where to set session[:checked] for when we
know the user has been to the check page. Setting it in the view seems
to not be functional, as does throwing a method into the helper. This
is the functionality I want:

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:adult] == true
  end

  # A method from a form on the page that sets session[:checked]
  # (just makes sure the user has in fact been to that page).
  def adult
    if session[:checked] == true # How do I set this to *be* true???
      session[:adult] = true
    end
  end
end

Ok. As it stands I have

<% unless session[:adult] %> PAGE <% else %> actual <%= yield %> content <% end %>

set up in my application.html.erb.
Is this not a good idea? Where should I check template?

I guess I'm not making myself clear. I am using a before_filter and
everything works fine.
However, my code is not secure. Should someone go make a PUT request
to /controller/adult they would be verified as an adult without
seeing the page I want them to see before that. That's the page I want
to put the session[:checked] on. And currently that page lives in an
unless statement.

I understand that too, but now I can't make a request to adult to set
session[:adult] to true.
This is so frustrating. Thanks for your help.

Ok. I can't make it any simpler than this. I'm saying across the whole
site, if the user has not seen this one page (the first part of that
unless statement), they can't get to the rest of the page and are
consequently redirected to that page.
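
One way to get the behaviour asked about in this thread, as an added example that is not code from any poster: the action that renders the gate page (not the view) stores a one-time token in the session, and the confirming action only sets session[:adult] when the form hands that token back. The session is modelled as a plain Hash so the code runs without Rails; the class name AgeGate and the methods show_gate, confirm and require_adult are hypothetical.

```ruby
require "securerandom"

# Stand-in for a controller; `session` is a plain Hash here (assumption).
class AgeGate
  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # Renders the gate page. The "has seen the page" state is written here,
  # in the action, and the returned token goes into the Enter form.
  def show_gate
    session[:gate_token] = SecureRandom.hex(16)
  end

  # Handles the form submission (the `adult` action in the thread).
  def confirm(submitted_token)
    expected = session.delete(:gate_token) # single use: removed on any attempt
    return :rejected unless expected && submitted_token.is_a?(String)
    return :rejected unless secure_equal?(expected, submitted_token)
    session[:adult] = true
    :accepted
  end

  # before_filter equivalent: every other page is routed through this check.
  def require_adult(path)
    session[:adult] == true ? [:render, path] : [:redirect, "/gate"]
  end

  private

  # Constant-time comparison so the check does not leak how many
  # leading characters of a guessed token were correct.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails app the form helpers already embed an authenticity token that protect_from_forgery checks, which covers forged cross-site POSTs. A visitor who loads the gate and submits the form is still only self-attesting their age.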