Currently I am using ActiveRecord as session store. And have this (protect_from_forgery :secret="xxxx") set in ApplicationController. Also every five minutes I have a cron job to delete any session record that has not been updated for 15 minutes (by checking updated_at column value). The problem is: If I stay in one page and editing a long article, after 20 minutes something, if I click on save. Server will throw This error: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken). Most likely that the session record is not updated while I am editing the article. And it gets removed by cron job. I have two questions: 1. What triggers session record get updated in Rails? 2. How do I handle this scenario? Thanks a lot for help. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---