Rails - Jan 2008 - Rails 2.0.2 form_tag/InvalidAuthenticityToken/token_tag

|I just upgraded to rails 2.0.2 and I''m having a problem when I switch 
from cookie based sessions to ActiveRecord based sessions.

Apparently my login form which worked under rails 1.2.6 no longer 
includes the proper authentication token necessary for protect_from_forgery.

There are a number of people who appear to have this problem and I''ve 
seen suggestions indicating I need to include <%= token_tag %>.  But 
token_tag is a private method and as far as I can tell, is being called. 
So how do I get the form_tag to work properly under rails 2.0.2?

This is what I currently have:

    <p> Please enter your username and password to access the
site.</p>

    <% form_tag :action => ''login'' do -%>
      <p><label
for="login_name">Name</label><br/>
      <%= text_field ''login'', ''name'' 
%></p>

      <p><label
for="login_password">Password</label><br/>
      <%= password_field ''login'',
''password'' %></p>
   
      <%= submit_tag "Login" %>
    <% end -%>

TIA
EMS
|

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jan 25, 2:36 am, "Eric M. Smith"
<esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> |I just upgraded to rails 2.0.2 and I''m having a problem when I
switch
> from cookie based sessions to ActiveRecord based sessions.
>
> Apparently my login form which worked under rails 1.2.6 no longer
> includes the proper authentication token necessary for
protect_from_forgery.
>
> There are a number of people who appear to have this problem and
I''ve
> seen suggestions indicating I need to include <%= token_tag %>.  But
> token_tag is a private method and as far as I can tell, is being called.
> So how do I get the form_tag to work properly under rails 2.0.2?
>
> This is what I currently have:
>
>     <p> Please enter your username and password to access the
site.</p>
>
>     <% form_tag :action => ''login'' do -%>
>       <p><label
for="login_name">Name</label><br/>
>       <%= text_field ''login'', ''name''
%></p>
>
>       <p><label
for="login_password">Password</label><br/>
>       <%= password_field ''login'',
''password'' %></p>
>
>       <%= submit_tag "Login" %>
>     <% end -%>
>
> TIA
> EMS
> |
Ok, I think I found the problem.  Apparently, in the
ApplicationController (application.rb) the secret key is disabled on
the call to protect_from_forgery and it''s only a comment that tells
you to uncomment if you change the data store.

Once I uncommented the :secret value, things appear to work.

EMS
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I''m having the same problem with a similar form. I commented and
uncommented the secret key in application.rb but not work. I compared
the the value in the hidden field of the form with the value generated
for the tag "token_tag" and be the same.

On 25 ene, 05:58, Polydectes
<esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Jan 25, 2:36 am, "Eric M. Smith"
<esmith...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
> > |I just upgraded to rails 2.0.2 and I''m having a problem when
I switch
> > from cookie based sessions to ActiveRecord based sessions.
>
> > Apparently my login form which worked under rails 1.2.6 no longer
> > includes the proper authentication token necessary for
protect_from_forgery.
>
> > There are a number of people who appear to have this problem and
I''ve
> > seen suggestions indicating I need to include <%= token_tag %>. 
But
> > token_tag is a private method and as far as I can tell, is being
called.
> > So how do I get the form_tag to work properly under rails 2.0.2?
>
> > This is what I currently have:
>
> >     <p> Please enter your username and password to access the
site.</p>
>
> >     <% form_tag :action => ''login'' do -%>
> >       <p><label
for="login_name">Name</label><br/>
> >       <%= text_field ''login'',
''name''  %></p>
>
> >       <p><label
for="login_password">Password</label><br/>
> >       <%= password_field ''login'',
''password'' %></p>
>
> >       <%= submit_tag "Login" %>
> >     <% end -%>
>
> > TIA
> > EMS
> > |
>
> Ok, I think I found the problem.  Apparently, in the
> ApplicationController (application.rb) the secret key is disabled on
> the call to protect_from_forgery and it''s only a comment that
tells
> you to uncomment if you change the data store.
>
> Once I uncommented the :secret value, things appear to work.
>
> EMS
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---