Login flash message for Devise lost when forcing SSL

0
votes

Rails 3.2 app with Devise 2.1.2.

When an unauthenticated user visits a URL requiring authentication, Devise redirects them to the login page and presents a flash message, like

Please log in or sign up before continuing

I am forcing SSL for session and registration:

config.to_prepare { Devise::SessionsController.force_ssl }
config.to_prepare { Devise::RegistrationsController.force_ssl }

When a user visits a URL like: https://example.com/some/internal/page (with SSL) the message appears on the login page. However when the user visits http://example.com/some/internal/page (without SSL), they are still redirected to the login page, but the flash message is missing.

I guess maybe it's getting lost because there are two redirects: one to the login page and again to the SSL login page.

How can I overcome this and get the message to display?

2
rubydeviseruby-on-rails-3.2

2 Answers

0
votes

You can specify the flash message you want to show after the redirect to SSL by passing an option called flash to force_ssl. See here

0
votes

Here's how I hacked this, but it's not the "right" answer.

class SessionsController < Devise::SessionsController

  def new
    #NOTE: Maybe it's a hack to do this here, but how else to handle N redirects?
    flash.now[:alert] = "Please log in or #{view_context.link_to 'sign up', new_user_registration_path } to continue.".html_safe if session['user_return_to'].present?
    super
  end

  ...

end

class RegistrationsController < Devise::RegistrationsController

  def new
    #NOTE: Maybe it's a hack to do this here, but how else to handle N redirects?
    flash.now[:alert] = "Please sign up or #{view_context.link_to 'log in', new_user_session_path } to continue.".html_safe if session['user_return_to'].present?
    super
  end

  ...

end

This does have the extra benefit of being able to link to log in or sign up as appropriate from the flash message.