A basic authentication scheme should go to some length to do a little bit of remembering in the event your user hits a restricted page before they are actually authenticated. First, some context. I’ve got this in my ApplicationController: def require_user unless current_user store_location redirect_to login_path return false end end def store_location session[:return_to] = request.request_uri [...]