app/controllers/sessions_controller.rb in tkh_authentication-0.0.6 vs app/controllers/sessions_controller.rb in tkh_authentication-0.0.7

- old
+ new

@@ -9,19 +9,19 @@
 if params[:remember_me]
 cookies.permanent[:auth_token] = user.auth_token
 else
 cookies[:auth_token] = user.auth_token
 end
- redirect_to (session[:target_page] || root_url), notice: t('authentication.login_confirmation')
+ redirect_to (session[:target_page] || safe_root_url), notice: t('authentication.login_confirmation')
 session[:target_page] = nil
 else
 flash.now.alert = t('authentication.warning.email_or_password_invalid')
 render "new"
 end
 end
 def destroy
 cookies.delete(:auth_token)
- redirect_to root_url, notice: t('authentication.logout_confirmation')
+ redirect_to safe_root_url, notice: t('authentication.logout_confirmation')
 end
 end
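Review bot: The login redirect in `create` still sends the browser to `session[:target_page]` without checking it; only the fallback changed to `safe_root_url`, whose definition is not in this hunk. If that session key is ever filled from a request-supplied URL rather than a server-computed path (the code that sets it is outside the hunk, so this needs confirming), the post-login redirect can leave the site. I would read and clear the value in one step and accept only local paths: `target = session.delete(:target_page)`, then `target = safe_root_url unless target.to_s =~ %r{\A/(?![/\\])}`, then `redirect_to target, notice: t('authentication.login_confirmation')`; if full URLs are stored there, compare the host against `request.host` instead. That also drops the `redirect_to (` form with a space before the parenthesis, which is easy to misread as the call's argument list. The body of `create` begins above the hunk.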