After restarting a Rails app in production environment and submitting a login form for the first time the application throws an "ActionController::InvalidAuthenticityToken" error.
After the first form submit everything works fine.
The application only logs the action and controller parameters for the first request: {"action"=>"create", "controller"=>"user_sessions"}. All the form parameters, including the authenticity token don't show up, which would explain the error message. Looking at that first form submit post request on the client side I confirmed that the form is submitted correctly (all the parameters are posted correctly)
Production setup gist: Rails 2.3.3, Apache2, Mongrel Cluster, default cookie session store
Local development environment does not have the same issue.