views:

64

answers:

1

Here is the deal.

Our application is working and is being used by writers to send in content for the web site. Problem is, from times to times, our writers get an error after submiting the form for any rescource in the site. The error after checking the production logs was the good old InvalidAuthenticityToken.

Problem is, they don't change the token, they don't invalidate the form, they don't do anything but write in the editor and click submit !

The error seems to be completely random, sometimes it happends, sometimes it doesn't :/ All I know is that it occurs when editing or creating an item, so either POST or PUT requests, but the problem is, it is not on one specific area of the application, it simply eventually happend from time to time all over our forms.

Our environment is a HAProxy serving a mongrel_cluster with 20 mongrels running our app. Rails version is 2.3.8

Could this be a problem with sessions in different mongrels? If not, what can I do to stop this random errors, that makes writers sometimes lose a lot of time editing a text and simply losing it because of the damn error.

Any help really appreciated.

+1  A: 

The problem was really simpler than I ever expected it to be.

The session timer was set to 900 seconds and sometimes writers took longer than that editing a text within the same page, without any other navigation on the website.

That invalidated the session because of the timeout and then when finally the form was submitted, the session part of the authenticity token was reseted so the InvalidAuthenticityToken error raised.

Angelus
I've been getting this at random times too. How do you update that session timer?
johnnymire
That is made on the environment file of your environment, using the config.action_controller.session hash
Angelus