Eric M. Smith
2008-Jan-25 08:36 UTC
Rails 2.0.2 form_tag/InvalidAuthenticityToken/token_tag
I just upgraded to rails 2.0.2 and I'm having a problem when I switch from cookie based sessions to ActiveRecord based sessions.

Apparently my login form which worked under rails 1.2.6 no longer includes the proper authentication token necessary for protect_from_forgery.

There are a number of people who appear to have this problem and I've seen suggestions indicating I need to include <%= token_tag %>. But token_tag is a private method and as far as I can tell, is being called. So how do I get the form_tag to work properly under rails 2.0.2?

This is what I currently have:

<p> Please enter your username and password to access the site.</p>

<% form_tag :action => 'login' do -%>
<p><label for="login_name">Name</label><br/>
<%= text_field 'login', 'name' %></p>

<p><label for="login_password">Password</label><br/>
<%= password_field 'login', 'password' %></p>

<%= submit_tag "Login" %>
<% end -%>

TIA
EMS
Polydectes
2008-Jan-25 08:58 UTC
Re: Rails 2.0.2 form_tag/InvalidAuthenticityToken/token_tag
On Jan 25, 2:36 am, "Eric M. Smith" <esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I just upgraded to rails 2.0.2 and I'm having a problem when I switch
> from cookie based sessions to ActiveRecord based sessions.
>
> Apparently my login form which worked under rails 1.2.6 no longer
> includes the proper authentication token necessary for protect_from_forgery.
>
> There are a number of people who appear to have this problem and I've
> seen suggestions indicating I need to include <%= token_tag %>. But
> token_tag is a private method and as far as I can tell, is being called.
> So how do I get the form_tag to work properly under rails 2.0.2?
>
> This is what I currently have:
>
> <p> Please enter your username and password to access the site.</p>
>
> <% form_tag :action => 'login' do -%>
> <p><label for="login_name">Name</label><br/>
> <%= text_field 'login', 'name' %></p>
>
> <p><label for="login_password">Password</label><br/>
> <%= password_field 'login', 'password' %></p>
>
> <%= submit_tag "Login" %>
> <% end -%>
>
> TIA
> EMS

Ok, I think I found the problem. Apparently, in the ApplicationController (application.rb) the secret key is disabled on the call to protect_from_forgery and it's only a comment that tells you to uncomment if you change the data store.

Once I uncommented the :secret value, things appear to work.

EMS
I'm having the same problem with a similar form. I commented and uncommented the secret key in application.rb but it does not work. I compared the value in the hidden field of the form with the value generated for the tag "token_tag" and they are the same.

On 25 Jan, 05:58, Polydectes <esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Jan 25, 2:36 am, "Eric M. Smith" <esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > I just upgraded to rails 2.0.2 and I'm having a problem when I switch
> > from cookie based sessions to ActiveRecord based sessions.
> >
> > Apparently my login form which worked under rails 1.2.6 no longer
> > includes the proper authentication token necessary for protect_from_forgery.
> >
> > There are a number of people who appear to have this problem and I've
> > seen suggestions indicating I need to include <%= token_tag %>. But
> > token_tag is a private method and as far as I can tell, is being called.
> > So how do I get the form_tag to work properly under rails 2.0.2?
> >
> > This is what I currently have:
> >
> > <p> Please enter your username and password to access the site.</p>
> >
> > <% form_tag :action => 'login' do -%>
> > <p><label for="login_name">Name</label><br/>
> > <%= text_field 'login', 'name' %></p>
> >
> > <p><label for="login_password">Password</label><br/>
> > <%= password_field 'login', 'password' %></p>
> >
> > <%= submit_tag "Login" %>
> > <% end -%>
> >
> > TIA
> > EMS
>
> Ok, I think I found the problem. Apparently, in the
> ApplicationController (application.rb) the secret key is disabled on
> the call to protect_from_forgery and it's only a comment that tells
> you to uncomment if you change the data store.
>
> Once I uncommented the :secret value, things appear to work.
>
> EMS
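
An added example, not part of the original thread and not Rails source code: a simplified Ruby model of why a server-side session store needs the :secret on protect_from_forgery. The class name, keyword arguments, SHA256 digest choice and sample values are assumptions made for illustration.

```ruby
require 'openssl'

# Simplified model, not Rails source: the form token is an HMAC of the
# session id, keyed by a secret that never leaves the server.
class InvalidAuthenticityToken < StandardError; end

class TokenSource
  # secret:           models the :secret option (nil = left commented out)
  # cookie_store_key: models a session store that holds its own signing key
  #                   (nil = server-side store such as ActiveRecord)
  def initialize(secret: nil, cookie_store_key: nil)
    @key = secret || cookie_store_key
  end

  def token_for(session_id)
    if @key.nil?
      raise InvalidAuthenticityToken,
            'no :secret given and the session store cannot sign tokens'
    end
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @key, session_id)
  end

  # True only when the submitted hidden-field value matches this session.
  def valid?(session_id, submitted)
    secure_compare(token_for(session_id), submitted.to_s)
  end

  private

  # Constant-time comparison so a mismatch does not leak through timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample values, not taken from any real application.
SECRET = 'constructed-example-secret-not-a-real-key'
with_secret    = TokenSource.new(secret: SECRET)
without_secret = TokenSource.new # server-side store, :secret commented out

token = with_secret.token_for('session-A')
puts "same session accepted:  #{with_secret.valid?('session-A', token)}"
puts "other session accepted: #{with_secret.valid?('session-B', token)}"
begin
  without_secret.token_for('session-A')
rescue InvalidAuthenticityToken => e
  puts "rejected: #{e.message}"
end
```
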