tags:

views:

71

answers:

2
+2  Q: 

ActiveRecordStore InvalidAuthenticityToken

I have recently been using cookie store and I want to transition to active record store. However I keep getting an invalid authenticity token. After deleting my cookies, I was able to access the page just fine, but I don't want all my users to come to my page, get a huge error and then figure out that I want them to delete their cookies.

So I made a function called delete cookies:

  after_filter :delete_cookie
  def delete_cookie
    puts "deleting cookies"
    cookies.to_hash.each_pair do |k, v|
      puts k
      cookies.delete(k)
    end
  end

In application controller, but it doesn't seem to be working correctly. I still see my cookie after visiting any page. I feel like there really should be a better solution but I can't seem to find any so far. Any hints?

A: 

Comment following line from application_controller.rb

protect_from_forgery # See ActionController::RequestForgeryProtection for details
Salil  2010-05-31 06:11:24
Does this not take away from the security of built in rails checks? You are sure that using active record store does not need to protect from forgery? This occurred to me but I thought it would be a bad idea.
Andy  2010-05-31 06:21:05
A: 

It seems like the one time I've done this that I simply renamed the session key so that the new AR store session did not try to re-use the old cookie store cookie (which was effectively ignored going forward).

Jeremy Weathers  2010-08-30 03:39:04

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.