Skip to content


Keep flash when redirecting via force_ssl #1923

shir opened this Issue · 6 comments

5 participants


Need to keep flash messages when do redirecting via force_ssl method. Here is a patch:

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index ed693c5..b255115 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -26,10 +26,11 @@ module ActionController
       def force_ssl(options = {})
         before_filter(options) do
           if !request.ssl? && !Rails.env.development?
+            flash.keep
             redirect_to :protocol => 'https://', :status => :moved_permanently
\ No newline at end of file

+1 on this issue

Ruby on Rails member

How does this work if your session cookie is HTTPS only? Won't a new session get created and the flash will be lost.

One other thing - no tests! :-)

Ruby on Rails member

any update on this? can you provide at least an app to show what are you trying to do?.
A test case with a properly formatted patch would be better.


We are trying to use ssl only for authentication. So, for example:

  1. User goes to action which requires authentication.
  2. He redirects to login form with flash message "Please login first"
  3. But login action has filter force_ssl and redirects user to https.
  4. Now flash messages is blank and user doesn't see it on login form.
Ruby on Rails member

@shir @AndreyChernyh a test case or an application that shows the issue would be great.

Ruby on Rails member

Fixed by #4429.

@josevalim josevalim closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.