I have recently been using cookie store and I want to transition to active record store. However, I keep getting an invalid authenticity token. After deleting my cookies, I was able to access the page just fine, but I don't want all my users to come to my page, get a huge error and then figure out that I want them to delete their cookies.

So I made a function called delete cookies:

  after_filter :delete_cookie
  def delete_cookie
    puts "deleting cookies"
    cookies.to_hash.each_pair do |k, v|
      puts k
      cookies.delete(k)
    end
  end

In application controller, but it doesn't seem to be working correctly. I still see my cookie after visiting any page. I feel like there really should be a better solution but I can't seem to find any so far. Any hints?

A: 

Comment out the following line in application_controller.rb:

  protect_from_forgery # See ActionController::RequestForgeryProtection for details
Salil
Does this not take away from the security of the built-in Rails checks? You are sure that using active record store does not need to protect from forgery? This occurred to me but I thought it would be a bad idea.
Andy
A: 

It seems like the one time I've done this, I simply renamed the session key so that the new AR store session did not try to reuse the old cookie store cookie (which was effectively ignored going forward).

Jeremy Weathers
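The key rename described in the answer above, shown as an added example (not code from any poster on this page and not Rails' own implementation). It is a simplified model of a server-side session lookup: the key names, the app name `MyApp` and the cookie values are assumptions constructed for illustration. It shows that with a renamed key the stale cookie-store value is never handed to the new store, so `protect_from_forgery` can stay enabled.

```ruby
require 'securerandom'

# Assumed key names (hypothetical): the old cookie-store key and the renamed one.
LEGACY_KEY = '_myapp_session'
NEW_KEY    = '_myapp_session_ar'

# In a Rails 3 app the rename is one line in config/initializers/session_store.rb
# (app name and key are assumptions):
#   MyApp::Application.config.session_store :active_record_store, :key => '_myapp_session_ar'

# Constructed sample: what a browser that still holds the old cookie sends.
# A cookie-store value is a serialized payload, then "--", then a digest.
LEGACY_COOKIE = '_myapp_session=BAh7BjoPc2Vzc2lvbl9pZCIlYWJj--' \
                '0123456789abcdef0123456789abcdef01234567; theme=dark'

# Parse a Cookie request header into a name => value hash.
def parse_cookies(header)
  header.to_s.split(/;\s*/).each_with_object({}) do |pair, jar|
    name, value = pair.split('=', 2)
    jar[name] = value if name && value
  end
end

# Server-side session ids are modelled here as 32 lowercase hex characters.
def plausible_session_id?(value)
  !!(value =~ /\A[0-9a-f]{32}\z/)
end

# Look up the session stored under `key` in `table` (a Hash standing in for
# the sessions table). Returns [session_id, data, status], where status is
# :resumed, :no_cookie, or :stale_value (a cookie arrived under this key but
# is not a known session id, e.g. a leftover cookie-store payload).
def load_session(cookie_header, key, table)
  presented = parse_cookies(cookie_header)[key]
  if presented && plausible_session_id?(presented) && table.key?(presented)
    return [presented, table[presented], :resumed]
  end
  status = presented.nil? ? :no_cookie : :stale_value
  sid = SecureRandom.hex(16)   # never adopt a client-supplied id
  table[sid] = {}
  [sid, table[sid], status]
end

if __FILE__ == $0
  table = {}
  puts load_session(LEGACY_COOKIE, LEGACY_KEY, table).last  # same key: stale value reaches the store
  puts load_session(LEGACY_COOKIE, NEW_KEY, table).last     # renamed key: old cookie is ignored
end
```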