Preserving POST request body across authentication

Hello,

I don't think this is something which has already been answered.

Using, for example, Restful authentication, sessions can time out, resulting in an authentication screen being shown. The original URI is normally saved and redirected to upon a successful authentication with something like this:

   session[:return_to] = request.request_uri

... authentication happens; subsequently ...

   redirect_to(session[:return_to] || default)

However if the original request was a POST the original body is going to be lost. Has anyone got a solution which preserves the whole of the original request so the authentication process becomes transparent?

Thanks James.

Why would you want to repost a POST request? If the original URI was a data entry form, are you going to repost the same data back to the controller? Session time outs are for security. The end user can afford to go through a few clicks to get back to what he/she was doing in the first place. It is a minor inconvenience for letting your session expire.

There's a couple of ways you can do this...

The easiest, of course, is making your session so it doesn't expire :)

Or, depending on how much data you were trying to retain, you could set a new cookie with the data when editing; even though the session would expire/be removed, the cookie should remain (provided you save to the cookie before trying to log a user out). Then, upon re-logging in, check the cookie and ask the user if he/she wants to carry on editing. If they select yes, load the cookie data into the post.

If you're dealing with, say, a text area with lots of text, then you would not be able to store it all in the cookie, but could store a pointer such as an article_id and use memcache to store the text.

Consider also using a periodic ajax request to save a draft, which is set to run at lesser intervals than your session timeout; this is what sites such as gmail do. Or, even easier, use the ajax call to keep pinging the server when on such a critical page, and that way it will keep you logged in.

Adam

Thanks for your comments.

"Why would you want to repost a POST request?" Because I don't want the end user to have to do a few more clicks; browsers sometimes forget what you told them, or users have "finger trouble" when presented with a request to repeat themselves. As far as the user is concerned they just sent the only copy of their latest novel to us and they'd rather not re-key it.

"Session time outs are for security." Yes, and so I'd like them to be relatively short and this has the potential to be inconvenient if we forget their POST data.

Thanks again James

Yes, I could use a temporary store (memcache or an ActiveRecord would both do) for the data and add a reference of some sort to that data into my session.

Solutions which do intermediate "pings" of some form don't seem that elegant to me; much better to avoid the need to handle these (and their effect on system load) by assuming sessions do time out from time to time just before a POST.

However what I am looking for is a neat way to wrap up the re-submission of that data out of the temporary store so it's transparent to most of my application. For example the full set of POSTed parameters should become available again in the params object when I've authenticated.

Could you just pass the full params object to memcache/ActiveRecord before logout? That way you don't have to wrap anything.

i.e.

   require 'memcache'

   # just before system redirects user to logout if session has expired
   user_id = YOUR_USER_ID
   cache = MemCache.new 'localhost:11211'
   cache.set(user_id, params)

   # when you log back in you can set params programmatically as follows
   # (this runs in a later request, so the cache client is created again)
   user_id = YOUR_USER_ID
   cache = MemCache.new 'localhost:11211'
   params = cache.get(user_id)

   # you might want to filter some of it out by setting params[:whatever] = nil

Or, you could yaml-ize it into a hidden form input field.

Julian.

Adam, thanks. I think serialising the params object into my store, remembering a reference to them, and then params = something.get(user_id) looks like the neatest thing. James.
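
The approach the thread settles on, as an added example that is not part of any post: the POST parameters are parked server-side and only an opaque, single-use reference is kept in the session. `PendingPostStore`, its method names and the in-process Hash standing in for memcache are hypothetical, and it assumes the expired session still identifies which user it belonged to.

```ruby
require 'securerandom'

# Hypothetical stand-in for the memcache/ActiveRecord store discussed above;
# an in-process Hash is used so the example runs offline.
class PendingPostStore
  # Never park credentials or a stale CSRF token server-side.
  SENSITIVE = %w[password password_confirmation authenticity_token].freeze

  def initialize(ttl: 600, clock: -> { Time.now.to_f })
    @ttl, @clock, @entries = ttl, clock, {}
  end

  # Call when an expired session interrupts a POST. Returns an opaque token
  # to keep in the session (session[:pending_post]); the body stays server-side.
  def stash(owner_id, path, params)
    token = SecureRandom.hex(16)
    safe = params.reject { |key, _| SENSITIVE.include?(key.to_s) }
    @entries[token] = { owner: owner_id, path: path, params: safe,
                        expires: @clock.call + @ttl }
    token
  end

  # Call after login. Single use: the entry is deleted whatever the outcome.
  # Returns [path, params], or nil when the token is unknown or expired, or
  # when a different user logged in than the one whose session timed out.
  def restore(token, authenticated_id)
    entry = @entries.delete(token)
    return nil if entry.nil? || @clock.call > entry[:expires]
    return nil unless entry[:owner] == authenticated_id
    [entry[:path], entry[:params]]
  end
end

# Constructed walk-through: user 42's session expires mid-POST.
store = PendingPostStore.new
token = store.stash(42, '/novels', { 'title' => 'Draft', 'password' => 'hunter2' })
path, params = store.restore(token, 42)
puts "replay #{path} with #{params.inspect}"
```

Keying the entry by a random token rather than by user_id alone keeps one user's parallel tabs from overwriting each other, and the owner check stops a parked POST from being replayed under whichever account logs in next on the same browser.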