drewB
2010-Oct-08 20:40 UTC
causes of occasional ActionController::InvalidAuthenticityToken exceptions
A few times a week we get an ActionController::InvalidAuthenticityToken exception from our app (not all from the same action or controller). I understand why protect_from_forgery exists and am not interested in disabling it. I am quite certain this is not from actual attacks on our site but not sure why users are consistently triggering it. The number of users it impacts is very small but still would be nice to know how to reduce them or at least why it is happening.

Any ideas?

Thanks,
Drew
Matthias
2010-Oct-15 16:20 UTC
Re: causes of occasional ActionController::InvalidAuthenticityToken exceptions
I'm having the same problems on a production website. It has several hundred visitors each day and this error occurs occasionally (more or less 1-3 times a week). Looking at the logs I see it is an actual visitor doing 'normal' things. I also saw a visitor that had it several times in a short period (with different authenticity tokens). I can't seem to find the reason.

We're using the database for storing the sessions (ActionController::Base.session_store = :active_record_store). We're using a 128 character session key.

Any ideas?

Thanks
Matthias

On Oct 8, 10:40 pm, drewB <dbats...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> A few times a week we get an
> ActionController::InvalidAuthenticityToken exception from our app (not
> all from the same action or controller). I understand why
> protect_from_forgery exists and am not interested in disabling it. I
> am quite certain this is not from actual attacks on our site but not
> sure why users are consistently triggering it. The number of users it
> impacts is very small but still would be nice to know how to reduce
> them or at least why it is happening.
>
> Any ideas?
>
> Thanks,
> Drew