Welcome to Working With Rails


Discussion Forums

Discuss all things Ruby on Rails with perhaps the web's most vibrant group of Ruby on Rails enthusiasts.
InvalidAuthenticityToken issues
3 Posts
InvalidAuthenticityToken issues

I'm having a hard time w/ user logins in my app. I keep getting the InvalidAuthenticityToken token when logging in a user. My code is here:

http://pastebin.com/m1548b8bc (login form, login action and the application controller stuff)..

I made sure I use the following (in application.rb): config.action_controller.session = { :session_key => '_myapp_session', :secret => 'someverylonggibberish' } config.action_controller.session_store = :active_record_store

and also (in environment.rb): protect_from_forgery :secret => 'anotherlongmess'

When I submit the login form, I get an authenticity token, but I guess it's the wrong one for some reason.

I have the sessions db table up and I made sure I cleared sessions, cache and cookies in my browser. My rails version is 2.2.2.

This has been going on for days now, and I'd be really greatful for any help :)


your error is comming from using protect_from_forgery incorrectly. if you refer to the rails api you will see that valid options are :only and :except. the idea is to generate random tokens and validate them in the controller, putting protect_from_forgery in application controller should be sufficient enough

The correct place for protect_from_forgery :secret is in application.rb, not environment.rb.

Sign In To Rate Post
3 Posts
Login to add your message