Random Issue with Invalid Auth...
Posted in Forums: Ask a Rails expert
Greetings, I would appreciate any thoughts or ideas on the following issue: I have a RoR application with all forms created dynamically. Unfortunately, sometimes when you hit the back button of the browser and try to log in via the Login form, an error message will come up with “Invalid Authenticity Token”. Can anyone suggest what is wrong, or has anyone had a similar experience before? Thank you!
I think it is because Rails automatically calls `verify_authenticity_token` on every POST request (not sure about PUT and friends) as a before_filter. So when we create a new form using form_for, Rails automatically adds the token.

```ruby
# Skips the authenticity-token check for the listed action only
skip_before_filter :verify_authenticity_token,
                   :only => [:your_action]
```

in your controller
Hi there, thank you for your feedback! I am not so sure that this is the right approach, since this would compromise the security of the app. It seems that for some reason sometimes it sends an invalid token or maybe the SAME? Can this be the case?
As mentioned, Rails will check the authenticity token only for state-mutating requests (POST, PUT, DELETE). If you receive the InvalidAuthenticityToken exception when you use the back button, the browser is likely attempting to resend a form submission request in order to display the previous page. You don’t want this to happen, obviously. Even if you don’t get the InvalidAuthenticityToken exception, you may be attempting to mutate the state of your system in meaningless ways; for example, creating the same user more than once.

The controller actions for non-GET requests should never render views; they should always redirect to a GET request that the user can safely request multiple times. For example, if you create (POST) or edit (PUT) a resource, redirect to the show page for that resource. This way, if the user uses the Refresh button to redraw a view, or the Back button to return to a view, the browser will resend the idempotent GET request.
Greetings, thank you for your feedback! The problem arises when: I also get this message too: ... Hope that helps
If you don’t want the default message of Rails (which is in public/422.html), you can always rescue the exception. Try the following in your application_controller.rb:

```ruby
rescue_from ActionController::InvalidAuthenticityToken, :with => :rescue_invalid_token

def rescue_invalid_token
  # do what you want here.
  # maybe you should redirect to the login page and add a flash saying that the session expired
end
```
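The redirect-after-POST advice and the `rescue_from` handler from the replies above, combined in a plain-Ruby model; this is an added example, not code from the thread and not Rails' implementation. `TinyLoginApp`, `Response`, the paths and the flash text are hypothetical, and the model assumes the app starts a new session at login, which is what makes a token in a previously rendered form stale.

```ruby
require 'securerandom'

# Plain-Ruby model of the login flow (hypothetical names; not Rails internals).
class InvalidAuthenticityToken < StandardError; end
Response = Struct.new(:status, :location, :flash)

class TinyLoginApp
  # GET /login: idempotent, so Back/Refresh can repeat it safely.
  # Returns the token that the form's hidden field would carry.
  def login_form(session)
    session[:csrf] ||= SecureRandom.base64(32)
  end

  # POST /login: state-mutating, so the token is verified, never skipped.
  def login(session, params)
    verify!(session, params[:authenticity_token])
    session.clear                  # assumption: new session at login (cf. reset_session)
    session[:user] = params[:user]
    Response.new(303, '/dashboard', nil) # redirect after POST, never render
  rescue InvalidAuthenticityToken
    # Counterpart of the rescue_from handler: back to a fresh form via GET.
    Response.new(303, '/login', 'Session expired, please sign in again')
  end

  private

  def verify!(session, submitted)
    expected = session[:csrf].to_s
    valid = !expected.empty? && submitted.is_a?(String) &&
            secure_equal?(expected, submitted)
    raise InvalidAuthenticityToken unless valid
  end

  # Byte-wise comparison without early exit on the first mismatch.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed walk-through: the cached form's token is stale after login.
def back_button_demo
  app, session = TinyLoginApp.new, {}
  token  = app.login_form(session)
  first  = app.login(session, { authenticity_token: token, user: 'alice' })
  resent = app.login(session, { authenticity_token: token, user: 'alice' }) # Back + resubmit
  [first.location, resent.location, app.login_form(session) != token]
end
```

The resubmitted form is rejected and redirected to a fresh GET of the login form, which carries a new token, so the check stays enabled and the user sees a recoverable message instead of the 422 page.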