Interaction between redirect_to and session variable

rubyonrails-talk
1

I have used restful_authentication to implement a login system and it works fine except that every couple of weeks I can’t login when I use IE; it works fine when I use other browsers! The problem goes away after a few hours! It seems to me somehow sometimes after logging in, the session variable is not set!

I have the following code for create action in my sessions_controller.rb

  def create     logout_keeping_session!     user = User.authenticate(params[:login], params[:password])

    if user       self.current_user = user       new_cookie_flag = (params[:remember_me] == "1")       handle_remember_cookie! new_cookie_flag

      redirect_to '/sessions/home'     else       note_failed_signin       @login = params[:login]       @remember_me = params[:remember_me]

      redirect_to "/sessions/login"     end end

Can redirect_to '/sessions/home' cause the problem with the session variable and erase its value?

2

I have used restful_authentication to implement a login system and it works fine except that every couple of weeks I can’t login when I use IE; it works fine when I use other browsers! The problem goes away after a few hours! It seems to me somehow sometimes after logging in, the session variable is not set!

apparently IE has quirks when setting a cookie at the same time as redirecting. Some say that setting a P3P header help (see comments on

for example)

Fred

3

Thank you, Fred! I looked at the page that you mentioned and some related pages. I have implemented several possible solutions and will try them next time the bug is activated and will post the result here for others who may face this problem in future.

Frederick Cheung wrote in post #972206: