I have a Rails 3.2 app that uses session store in the controllers to get the user back to the screen they were previously on.
It's been working fine for over a year. All of a sudden, the production version on Heroku, has started having issues. The user is looking at a worequest
and clicks on the following in order to add a comment
.
<%= link_to 'New Comment', new_comment_path(:worequest_id => @worequest.id), :class => 'btn btn-primary' %>
This is the code I use:
def new
@comment = Comment.new
@comment.build_attachment
@worequest = params[:worequest_id]
session[:return_to] ||= request.referer
respond_to do |format|
format.html # new.html.erb
format.json { render json: @comment }
end
end
# POST /comments
# POST /comments.json
def create
@comment = Comment.new(params[:comment])
respond_to do |format|
if @comment.save
if session[:return_to] != nil
format.html { redirect_to session.delete(:return_to), notice: 'Comment was successfully created.' }
format.json { render json: @comment, comment: :created, location: @comment }
else
format.html { redirect_to :back, notice: 'Comment was successfully created.' }
format.json { render json: @comment, comment: :created, location: @comment }
end
else
format.html { render action: "new" }
format.json { render json: @comment.errors, status: :unprocessable_entity }
end
end
end
In development and staging (on Heroku), the user goes back to the worequest
after entering a new comment
.
Now in Production, the url looks like this:
mywebsite/comments instead of mywebsite/worequests/639
I'm not even sure where the session[:return_to] gets stored. Therefore, I'm having trouble debugging the issue.
Thanks for your help!!
Are you able to replicate this behavior 100% of the time, or just seeing it sometimes in your log?
It looks like someone is getting to comments#new
from /comments (comments#index). Is there a route to /comments?
Run rake routes
to see all your routes.
If there is a route to comments#index, and there's no reason for it to be exposed because you only intend for people to post comments from within the context of a specific article, consider removing it the comments#index route.
Also, one thing to consider, request.referrer is not always available. It's sent by the client who may choose not to send it (e.g. certain privacy extensions remove this header).
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments