ruby-on-rails – 使用条件启动sign_up页面？

# app/controllers/preauth_controller.rb
def new
end

def create
  if params[:answer] == 'correct answer'
    # Create a secret value,the `token`,we will share it to the client
    # through the `session` and store it on the server in `Rails.cache`
    # (or you can use the database if you like)
    #
    # The fact that this token expires (by default) in 15 minutes is
    # a bonus,it will secure the system against later use of a stolen
    # cookie. The token is also secure against brute force attack
    @token = SecureRandom.base64
    session[:preauthorization_token] = @token
    Rails.cache.write("users/preauthorization_tokens/#{@token}","OK")
    redirect_to sign_up_path
  else
    flash[:error] = 'Incorrect answer'
    render :new
  end
end


# app/controllers/users_controller.rb
before_filter :verify_preauth,only: [:new,:create]

def verify_preauth
  # When we approve preauthorization we confirm that the
  # `token` is known to the client,if the client knows the token
  # let him sign up,else make him go away
  token = session[:preauthorization_token]
  redirect_to new_preauth_path unless token and Rails.cache.read("users/preauthorization_tokens/#{token}") == "OK"
end

可选择的事情/玩….

>创建用户时,删除成功使用的Rails.cache条目>玩：expires_in设置,如果你想,你通常希望它尽可能短,只要需要:)但是,默认15分钟的轨道是相当不错>有更好的方法来解决这个和类似的安全问题的cookie – 即你可以创建一个server_session对象,它基本上与会话相同,但是将数据存储在Rails.cache中,并将一个随机可取的令牌存储在用于访问的会话中缓存条目与我们在这里做的一样>只需去服务器端会话,不用担心会话的安全性,但这意味着由于你的Rails.cache往返(redis,memcache,AR,…)的响应时间更长.>而不是OK进入缓存值,你可以存储值的哈希值,如果你需要更多的数据,安全地存储在主机上,这样做> …