diff options
Diffstat (limited to 'app/controllers/sessions_controller.rb')
| -rw-r--r-- | app/controllers/sessions_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index e115b35..64bf951 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb | |||
| @@ -13,13 +13,15 @@ class SessionsController < ApplicationController | |||
| 13 | logout_keeping_session! | 13 | logout_keeping_session! |
| 14 | user = User.authenticate(params[:login], params[:password]) | 14 | user = User.authenticate(params[:login], params[:password]) |
| 15 | if user | 15 | if user |
| 16 | return_to = session[:return_to] | ||
| 17 | |||
| 16 | # Protects against session fixation attacks, causes request forgery | 18 | # Protects against session fixation attacks, causes request forgery |
| 17 | # protection if user resubmits an earlier form using back | 19 | # protection if user resubmits an earlier form using back |
| 18 | # button. Uncomment if you understand the tradeoffs. | 20 | # button. Uncomment if you understand the tradeoffs. |
| 19 | reset_session | 21 | reset_session |
| 20 | 22 | ||
| 21 | self.current_user = user | 23 | self.current_user = user |
| 22 | redirect_back_or_default('/de/admin') # TODO: insert appropriate path to cms main page | 24 | redirect_to safe_return_to(return_to, :default => admin_path) |
| 23 | flash[:notice] = "Logged in successfully" | 25 | flash[:notice] = "Logged in successfully" |
| 24 | else | 26 | else |
| 25 | note_failed_signin | 27 | note_failed_signin |
