I am trying to convert my code to use the new Rails 2.0 feature
RequestForgeryProtection
but I get an InvalidAuthenticityToken error, right from the beginning
with my login form..
I followed the recommendations :
in my environment.rb
  config.action_controller.session = {
    :session_key => 'myappname',
    :secret      => '6de86b5566d7598f57e757960760acd2'
  }
in my application.rb
  protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
my sessions_controller.rb doesn't have anything new inside... same code
as used with rails 1.2
 (is it right ?)
class SessionsController < ApplicationController
  def new
    @login = ""
  end
  def create
    if open_id?(params[:login])
      open_id_authentication params[:login]
    else
      password_authentication params[:login], params[:password]
    end
  end
end
what should I take care of in this conversion ?
thanks
-- 
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2007-Dec-23  10:44 UTC
Re: InvalidAuthenticityToken problems with my login form
On 23 Dec 2007, at 10:26, Kad Kerforn wrote:
>
> I am trying to convert my code to use the new Rails 2.0 feature
> RequestForgeryProtection
> but I get an InvalidAuthenticityToken error, right from the beginning
> with my login form..
>
> I followed the recommendations :
>
> in my environment.rb
>   config.action_controller.session = {
>     :session_key => 'myappname',
>     :secret      => '6de86b5566d7598f57e757960760acd2'
>   }
>
> in my application.rb
>   protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
>
> my sessions_controller.rb doesn't have anything new inside... same
> code
> as used with rails 1.2
> (is it right ?)

Does your form include the token ?

Fred

> class SessionsController < ApplicationController
>   def new
>     @login = ""
>   end
>
>   def create
>     if open_id?(params[:login])
>       open_id_authentication params[:login]
>     else
>       password_authentication params[:login], params[:password]
>     end
>   end
>
> what should I take care of in this conversion ?
>
> thanks
Kad Kerforn
2007-Dec-23  11:47 UTC
Re: InvalidAuthenticityToken problems with my login form
Frederick Cheung wrote:
> On 23 Dec 2007, at 10:26, Kad Kerforn wrote:
>
>>     :session_key => 'myappname',
>>     :secret      => '6de86b5566d7598f57e757960760acd2'
>>   }
>>
>> in my application.rb
>>   protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
>>
>> my sessions_controller.rb doesn't have anything new inside... same
>> code
>> as used with rails 1.2
>> (is it right ?)
>
> Does your form include the token ?
>
> Fred

yes, I can see the token in the log..
Parameters: {"commit"=>"send me a key please",
"authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
"action"=>"create", "controller"=>"users",
"email"=>"michel-ld7CXrSmGnUm4RdzfppkhA@public.gmane.org"}

I am using the last rails 2.0.2 rails version (gem install rails) it's
stated that the session cookie store is the default with Rails edge...
am I using the right version ?
how can I check that the default session store is cookies and not file
(Pstore was the default before .. ?)

kad
Kad Kerforn
2007-Dec-23  12:59 UTC
Re: InvalidAuthenticityToken problems with my login form
>> Does your form include the token ?
>>
>> Fred
>
> yes, I can see the token in the log..
> Parameters: {"commit"=>"send me a key please",
> "authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
> "action"=>"create", "controller"=>"users",
> "email"=>"michel-ld7CXrSmGnUm4RdzfppkhA@public.gmane.org"}
>
> I am using the last rails 2.0.2 rails version (gem install rails) it's
> stated that the session cookie store is the default with Rails edge...
> am I using the right version ?
> how can I check that the default session store is cookies and not file
> (Pstore was the default before .. ?)
>
> kad

that was the case ! I was using 2.0.1 !! not 2.0.2 .... it's ok now !!