Discussion Forums
- Topic List
- Most Recent Posts
- Sign In for more options
I'm having a hard time w/ user logins in my app. I keep getting the InvalidAuthenticityToken token when logging in a user. My code is here:
http://pastebin.com/m1548b8bc (login form, login action and the application controller stuff)..
I made sure I use the following (in application.rb): config.action_controller.session = { :session_key => '_myapp_session', :secret => 'someverylonggibberish' } config.action_controller.session_store = :active_record_store
and also (in environment.rb): protect_from_forgery :secret => 'anotherlongmess'
When I submit the login form, I get an authenticity token, but I guess it's the wrong one for some reason.
I have the sessions db table up and I made sure I cleared sessions, cache and cookies in my browser. My rails version is 2.2.2.
This has been going on for days now, and I'd be really greatful for any help :)
Hi,
your error is comming from using protect_from_forgery incorrectly. if you refer to the rails api you will see that valid options are :only and :except. the idea is to generate random tokens and validate them in the controller, putting protect_from_forgery in application controller should be sufficient enough
The correct place for protect_from_forgery :secret is in application.rb, not environment.rb.
