Forbidden: confirmed user
You see, in the dead of the New England winter, we got academic about being HTTP fluent. In the process, we made our Rails apps less usable for one edge case:
Users click their confirmation email more than once.
Why (using email as a bookmark, double-clicking) doesn’t really matter. Airbrake has shown us it happens… a lot.
Clearance used to raise a 403 Forbidden and display a blank page. Not a good user experience. Last week we scratched our itch and changed it to display a flash message and redirect somewhere depending on whether the user is signed in or signed out:
A little less dogma. A little more useful for the user.