diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2026-07-14 01:32:30 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-07-14 01:32:30 +0200 |
| commit | 7185965d97a2d7d98f5feda6cc10fb5d87fcf816 (patch) | |
| tree | 0605a4b72c55224c4545d9ce8cfbdb101c619495 /app/controllers/sessions_controller.rb | |
| parent | a18a170f791769691fe905cfe76d103b7a345e87 (diff) | |
Store return_to before resetting session in loging. Fixes returning to an admin page before logging in
Diffstat (limited to 'app/controllers/sessions_controller.rb')
| -rw-r--r-- | app/controllers/sessions_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index e115b35..64bf951 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb | |||
| @@ -13,13 +13,15 @@ class SessionsController < ApplicationController | |||
| 13 | logout_keeping_session! | 13 | logout_keeping_session! |
| 14 | user = User.authenticate(params[:login], params[:password]) | 14 | user = User.authenticate(params[:login], params[:password]) |
| 15 | if user | 15 | if user |
| 16 | return_to = session[:return_to] | ||
| 17 | |||
| 16 | # Protects against session fixation attacks, causes request forgery | 18 | # Protects against session fixation attacks, causes request forgery |
| 17 | # protection if user resubmits an earlier form using back | 19 | # protection if user resubmits an earlier form using back |
| 18 | # button. Uncomment if you understand the tradeoffs. | 20 | # button. Uncomment if you understand the tradeoffs. |
| 19 | reset_session | 21 | reset_session |
| 20 | 22 | ||
| 21 | self.current_user = user | 23 | self.current_user = user |
| 22 | redirect_back_or_default('/de/admin') # TODO: insert appropriate path to cms main page | 24 | redirect_to safe_return_to(return_to, :default => admin_path) |
| 23 | flash[:notice] = "Logged in successfully" | 25 | flash[:notice] = "Logged in successfully" |
| 24 | else | 26 | else |
| 25 | note_failed_signin | 27 | note_failed_signin |
