Security
We do not use GET requests for any data input other than search (afaik), so this should be quite safe. It's worth to take a look at this first, though. There are some nasty attacks out there, but Rails' built-in CSRF-protection should protect us.
If a user was logged on, but visits a page some time later when he's logged out (e.g. browser restart), he is redirected to dashboard when logged in.
That's baaaad... We could go for something like this instead; https://github.com/plataformatec/devise/wiki/How-To:-Redirect-back-to-current-page-after-sign-in,-sign-out,-sign-up,-update
Security We do not use GET requests for any data input other than search (afaik), so this should be quite safe. It's worth to take a look at this first, though. There are some nasty attacks out there, but Rails' built-in CSRF-protection should protect us.