Phoenix Rising
2010-Jan-20 18:32 UTC
(2.3.5) ActionController::Base.session_options[:expire_after] + Error 422/Authenticity Token Issue
I'm getting ready to put an app into production and I've found a strange issue that, as far as I know, shouldn't be happening. To me this looks like it could be a bug, but I'm not sure and I'm hoping someone here can tell me if they've seen this before, or can idiot-check me in that hopefully it's just something I've missed along the way.

I need the application to automatically shut down an active session after 15 minutes of inactivity. My understanding is that this is accomplished, in 2.3.5, with ActionController::Base.session_options[:expire_after]. In the code snippet below (currently in config/initializers/session_store.rb), I'm forcing this behavior if RAILS_ENV isn't development (because in development I don't want this going on - it's annoying to have to relog after making UI/CSS/markup changes every time!)

    # Force sessions to expire after 15 minutes
    if(RAILS_ENV != 'development')
      ActionController::Base.session_options[:expire_after] = 15.minutes
    end

This causes a problem: when attempting to log in via any browser or any machine, the application responds as it should, but claims that the authenticity token was invalid, presenting the 422 error message in production: "The change you wanted was rejected. Maybe you tried to change something you didn't have access to."

Disabling (commenting) the :expire_after line solves this problem.

Has anyone else seen this behavior? Have I overlooked something?

Thanks for your help.