Age Verify

Is this the best way to do this?

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:age] == true
  end

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view:
<%= button_to "Enter", { :action => "adult" } %>

What is preventing someone from doing a fake POST request on the adult

Adding session[:check] to the view

<% session[:check] == true %>
<% button_to ........ %>

and an if statement to the ApplicationController does not seem like a
good solution.
This RESTful design has been posing many problems for me. Is there
something I'm missing about it? Why is it *so* good? It just makes
everything impossible to program for.

This seems to work. Is this what I should be doing with my excess REST

module ApplicationHelper
  def checked
    session[:check] == true
  end
end

Scratch that, it didn't work.


edberner wrote:



bump bumpity

Sorry about that.
I thought I had had it well explained.
The problem is I don't know where to set session[:checked] for when we
know the user has been to the check page. Setting it in the view seems
to not be functional, as does throwing a method into the helper. This
is the functionality I want:

before_filter :adult?
def adult?
  session[:adult] == true
end

def adult # a method from a form on the page that sets the
          # session[:checked] (just makes sure the user has in fact been to that
  if session[:checked] == true # how do I set this to *be* true???
    session[:adult] = true
  end
end

Ok. As it stands I have a <% unless session[:adult] %> PAGE <%else %>
actual <%=yield%>content <%end%>

set up in my application.html.erb.
Is this not a good idea? Where should I check template?

I guess I'm not making myself clear. I am using a before_filter and
everything works fine.
However, my code is not secure. Should someone go make a PUT request
on to /controller/adult they would be verified as an adult without
seeing the page I want them to see before that. That's the page I want
to put the session[:checked] on. And currently that page lives in an
unless statement.

I understand that too, but now I can't make a request to adult to set
session[:adult] true.
This is so frustrating. Thanks for your help.

Ok. I can't make it any simpler than this. I'm saying across the whole
site, if the user has not seen this one page, (the first part of that
unless statement) they can't get to the rest of the page and are
consequently redirected to that page.
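
One way to record that the visitor actually loaded the check page before a request to `adult` is accepted, shown as an added example that is not part of the original thread: the controller action that renders the gate page puts a one-time token in the session, and the form posts it back. `AgeGate`, `show_gate`, `confirm` and `:gate_token` are hypothetical names, and a plain hash stands in for the Rails session.

```ruby
require 'securerandom'

# Plain-Ruby model of the gate; AgeGate and its method names are hypothetical.
# `session` stands in for the Rails session hash (server-controlled state).
class AgeGate
  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # GET of the check page: runs in the controller action that renders it.
  # This is where the "has seen the page" marker is set, not in the view.
  def show_gate
    session[:gate_token] = SecureRandom.hex(16)
  end

  # POST to `adult`: accept only if the submitted token matches the one
  # issued when the gate page was rendered. The token is consumed either way.
  def confirm(submitted_token)
    expected = session.delete(:gate_token)
    return false unless expected && secure_equal?(expected, submitted_token.to_s)
    session[:adult] = true
  end

  # before_filter equivalent: true lets the request through,
  # false means redirect to the gate page.
  def adult?
    session[:adult] == true
  end

  private

  # Constant-time comparison so the check does not leak the token via timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  gate = AgeGate.new
  puts gate.confirm("forged")  # direct request, gate page never rendered
  token = gate.show_gate       # gate page rendered, token embedded in the form
  puts gate.confirm(token)     # form submitted with the issued token
end
```

In a Rails controller the body of `show_gate` would sit in the action that renders the check page, with the token emitted as a hidden form field, and the filter would need to skip both the gate action and `adult` so they stay reachable.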