riles01
2007-Oct-03 22:07 UTC
active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview
After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3: <%= error_messages_for :page %> 4: 5: <% form_for(@page) do |f| %> 6: <p> 7: <b>Name</b><br /> 8: <%= f.text_field :name %> RAILS_ROOT: C:/www/rails_apps/myapp Application Trace | Framework Trace | Full Trace c:/www/ruby/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/ action_controller/request_forgery_protection.rb:101:in `form_authenticity_token'' (eval):2:in `send'' (eval):2:in `form_authenticity_token'' app/views/pages/edit.html.erb:5:in `_run_erb_47app47views47pages47edit46html46erb'' Do I need to do something else besides create the database table and uncomment the line in config/environment.rb? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Joel Azemar
2007-Nov-09 16:28 UTC
Re: active_record_store sessions does not pass a :secret to
Hello riles01, you have run your application with cookies authentication mode and, thus, will remain sessions in your cookies. Delete your cookies and it will work. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Joel Azemar
2007-Nov-12 12:25 UTC
Re: active_record_store sessions does not pass a :secret to
sorry, it seem work well, but no. in your environement.rb you have :
config.action_controller.session = {
:session_key => ''_myapp_session'',
:secret => ''secretpass''
}
uncomment
config.action_controller.session_store = :active_record_store
and add in your app/controller/application.rb
protect_from_forgery :secret => ''secretpass''
and all work well.
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Possibly Parallel Threads
- form_tag and form_for cause #protect_from_forgery errors
- protect_from_forgery with db-session (Rails 2.3.2)
- Error with flash and form_authenticity_token in new rails application with scaffolding
- config.action_controller.session[:secret] vs protect_from_forgery :secret
- [HELP]No :secret given to the #protect_from_forgery call