Saturday, 11 October 2008

Simple Cookie Detect

With protect_from_forgery enabled, all PUT, UPDATE and DESTROY methods require the session cookie, so the application will break if a browser has cookies turned off when one of these methods is used.

Unfortunately, when a browser calls the application for the first time, the session cookie will be written, but it won't be read until the next page request. This makes it impossible to know whether cookies are on or off in the browser, so anyone who visits the application for the first time and, let's say, posts a form will be disappointed.

This is a simple solution to the problem. All controllers call a cookies_required method when PUT, UPDATE or DESTROY methods are used. The cookies_required method checks whether the session cookie is empty. If it is, it catches the HTTP referrer and redirects to the check_for_cookies method. If the session cookie is still empty there, we can be certain that cookies are off in the browser and keep the user from using the PUT, UPDATE or DESTROY methods. Instead we show a message saying that cookies are off and that the application has limited functionality until they are turned on.

Add the following to application.rb:

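  # Run the cookie check before every action except the ones listed.
  before_filter :cookies_required, :except => [:show, :check_for_cookies]

  # Second request of the probe: if the session cookie is still missing,
  # the browser is not accepting cookies.
  def check_for_cookies
    if request.cookies["_cookie_detect_session"].to_s.blank?
      render :text => 'You absolutely need cookies on to use this function'
    else
      redirect_back_or_default(:controller => 'home')
    end
  end

protected

  # Named to match the before_filter above (no trailing "?").
  def cookies_required
    # Session cookie present: nothing to do.
    return unless request.cookies["_cookie_detect_session"].to_s.blank?
    # Remember the requested URI, then bounce through check_for_cookies.
    session[:return_to] = request.request_uri
    redirect_to(:controller => 'home', :action => 'check_for_cookies')
  end

  # Go back to the stored URI if there is one, otherwise to the default.
  def redirect_back_or_default(default)
    session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
    session[:return_to] = nil
  end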
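
The two-request probe described above, traced without Rails for a browser with cookies on and one with cookies off. This is an added example, not code from the original post: only the cookie name and the check_for_cookies action come from the post, while app, browse, the /items path and the cookie-carried session are constructed stand-ins.

```ruby
require "uri"

COOKIE = "_cookie_detect_session" # session cookie name from the post

def set_cookie(session)
  { "Set-Cookie" => "#{COOKIE}=#{URI.encode_www_form(session)}" }
end

def redirect(to, session)
  [302, set_cookie(session).merge("Location" => to), ""]
end

# Constructed stand-in for the Rails app. The session travels inside the
# cookie, so it is empty whenever the browser sends no cookie.
def app(method, path, cookies)
  has_cookie = !cookies[COOKIE].to_s.empty?
  session = URI.decode_www_form(cookies[COOKIE].to_s).to_h
  session["sid"] ||= "constructed"

  if path == "/home/check_for_cookies"
    # Second request: still no cookie means the browser refuses cookies.
    return [200, {}, "cookies are off"] unless has_cookie
    return redirect(session.delete("return_to") || "/home", session)
  end

  if method != "GET" && !has_cookie # the cookies_required filter
    session["return_to"] = path
    return redirect("/home/check_for_cookies", session)
  end
  [200, set_cookie(session), "#{method} #{path} handled"]
end

# Constructed client: follows redirects with GET, keeps cookies only if enabled.
def browse(method, path, cookies_enabled:)
  jar = {}
  trail = []
  5.times do
    status, headers, body = app(method, path, cookies_enabled ? jar : {})
    trail << "#{status} #{method} #{path}"
    if cookies_enabled && headers["Set-Cookie"]
      name, value = headers["Set-Cookie"].split("=", 2)
      jar[name] = value
    end
    return { trail: trail, body: body } unless status == 302
    method, path = "GET", headers["Location"]
  end
  { trail: trail, body: "redirect loop" }
end

p browse("POST", "/items", cookies_enabled: true)
p browse("POST", "/items", cookies_enabled: false)
```

The trail for the cookie-enabled client ends with a GET to the original path: the redirect back does not replay the first POST, so the form has to be submitted again.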
