Use Session Sparingly (or The Benefits of Flash)
As tempting as it is to use it for everything, the Rails session should be used sparingly. In reading through the code for my current project, I noticed that we are using the session for storing return URLs and query strings when doing login redirects. This is bad.
Let’s look at an example of user behavior to see why:
- The user types http://superapp.com/account/logged_in into their browser.
- This URL is protected, so the user is redirected to http://superapp.com/account/login and /account/logged_in is stored in session[:jump_to].
- The user gets confused, lost, or just behaves like a typical user and navigates somewhere else.
- Sometime later, the user goes to http://superapp.com/account/login and logs in.
- The user is taken to ‘/account/logged_in’ instead of ‘account/welcome’. The user is confused.
Though user confusion on its own is bad, this still may not seem like much of a problem. So the user gets redirected to a different URL than usual; how bad is that? In the app I’m currently working on, this behavior can be very bad. Depending on how the user is coming to the site and logging in, a bad return URL can cause significant confusion to the user.
To fix this problem, the flash should be used instead of the session. Though the flash technically lives in the session, it is automatically cleared after each request. This prevents time-sensitive data such as redirection URLs from being stored longer than necessary and guarantees that you do not confuse your user with seemingly different points of entry on login.
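The scenario above replayed in plain Ruby, as an added example that is not the post's own code: a toy model of Rails-style session and flash semantics (the real flash is kept for exactly the next request, so the login form has to call keep for the value to survive until the login POST). Flash, PlainSession, login_destination and safe_return_path? are hypothetical names, and the relative-path check is an addition the post does not discuss.

```ruby
# Rails-like flash: a value written in one request is visible in the next
# request only, unless that request calls keep; after that it is swept.
class Flash
  def initialize; @now = {}; @next = {}; end
  def []=(key, value); @next[key] = value; end
  def [](key); @now[key]; end
  def keep(key); @next[key] = @now[key] if @now.key?(key); end
  def sweep; @now, @next = @next, {}; end   # runs at the start of each request
end

# A plain session keeps everything until it is explicitly deleted.
class PlainSession < Hash
  def keep(_key); end
  def sweep; end
end

# Accept only site-relative paths as return targets (defensive check added
# in this example; the original post does not discuss it).
def safe_return_path?(path)
  path.is_a?(String) && path.start_with?('/') && !path.start_with?('//')
end

# Replays the scenario with either store. +requests+ is the user's request
# sequence after the protected hit, ending just before the login POST.
# Returns the path the user lands on after logging in.
def login_destination(store, requests, default: '/account/welcome')
  store.sweep                                  # GET /account/logged_in (protected)
  store[:jump_to] = '/account/logged_in'       # remember target, redirect to login
  requests.each do |req|
    store.sweep
    store.keep(:jump_to) if req == :login_form # login page carries the target forward
  end
  store.sweep                                  # POST /account/login
  target = store[:jump_to]
  safe_return_path?(target) ? target : default
end

# Constructed request sequences: a direct login, and a user who wanders off.
wandered = [:login_form, :pricing, :docs, :login_form]
puts login_destination(PlainSession.new, wandered)   # /account/logged_in (stale)
puts login_destination(Flash.new, [:login_form])     # /account/logged_in (direct)
puts login_destination(Flash.new, wandered)          # /account/welcome
```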