What do you do when your redirect doesn’t go where you tell it?

Clearly I’m missing something.

I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:

`return redirect_to new_user_session_path`

I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.

But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!

I think what I’m missing is my old reality where things made sense.

A new system developed at CSAIL was shown to have stronger security guarantees than Intel's existing approach for preventing so-called "timing attacks" like Meltdown and Spectre, made possible by hardware vulnerabilities.

Image courtesy of Graz University of Technology

I wanna go back to the age where a C program was considered secure and isolated based on its system interface rathe than its speed. I want a future where safety does not imply inefficiency. I hate spectre and I hate that an abstraction as simple and robust as assembly is so leaky that just by exposing it you've pretty much forfeited all your secrets.
And I especially hate that we chose to solve this by locking down everything rather than inventing an abstraction that's a similarly good compile target but better represents CPUs and therefore does not leak.

Biggest interview of my entire life is coming up on Thursday. I really need this to go well - it's more than double my current salary, at a time where I'm really starting to struggle to make ends meet. There's an actual "team", and from my interactions with them over the last four interviews, I think they're cool people. It's still a little unusual, because although there's a team or cohort of seniors that I'd be joining, every senior developer is still somewhat siloed, leading their own juniors. I'd also get to be remote 75% of the time, which I think I've realized is a "must have" benefit.

I don't know if it's coincidental or just bad timing then that I've been having episodes of pretty intense vertigo and panic attacks far more frequently than normal lately - even before I had this interview lined up. I realized recently that I must have some kind of anxiety disorder. I don't know if that's from the military, or just from being fucked up via my own missteps. But I can't keep having these attacks.

Anyone who's willing to share - I don't really have anyone to ask. How do you deal with this type of thing? I went to see a shrink last year, but he just gave me pills that replaced these issues with others.