I am using force_ssl in my Users and Sessions controllers. This works great. When I go actions in either of these controllers my browser will redirect to https. The problem is that after the user is redirected to https their browser will continue to use https at least when using relative URLS. I’d rather the user use http for other pages in the application. I’ve come up with 3 possible strategies to guide users back to http for other pages.

1. Use absolute urls instead of relative urls. With this strategy I avoid using things like root_path, but instead use root_url. I can set default_url_options in my application controller to use http protocol. This way all links on in my application will attempt to guide the user back to http. They could always switch it to https in their browser manually, but I don’t really care if they do that.

2. Write a before filter similar to https://gist.github.com/1040964. I don’t really like this because I would have to repeat which controllers / actions I am forcing to ssl in the application controller as well as the specific controller in which I use force_ssl.

3. Use this plugin https://github.com/bartt/ssl_requirement. This plugin seems nice because it by default will force to http if I don’t say anything. Forcing to ssl seems very similar to the include force_ssl method. This seems like a good solution but I don’t want to rely on a plugin if there is a easy way to do this without it.

I can’t decided which of these 3 options is the best and am looking for guidance. I’m also new to Rails so if any of these solutions is “bad” please let me know. Also if there are other options I am not aware of please let me know.

Which solution is best if any? (Rails 3.2)