Hello, I''ve been testing my project with some manual tests. One of them consists of deleting cookies ("clean personal info" in firefox) just before submit the login form. Then, I get an error. The error message is: ActionController::InvalidAuthenticityToken in SessionsController#create I''m on Rails 2.0.2 with restful_authentication plugin. I''m using default cookie session store, too. Any idea? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Will Jessop
2008-Apr-15 19:17 UTC
Re: InvalidAuthenticityToken exception when deleting cookies
On 15 Apr 2008, at 19:40, Sergio wrote:> The error message is: ActionController::InvalidAuthenticityToken in > SessionsController#create > > Any idea?This is Rails CSRF protection kicking in, see: http://api.rubyonrails.com/classes/ActionController/RequestForgeryProtection.html Try reloading the page with the form before submitting. Will. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 15 abr, 21:17, Will Jessop <w...-bdD2QVCtGQZW7IvYoCtsgA@public.gmane.org> wrote:> > Try reloading the page with the form before submitting.But can I reload the page automatically before submitting? or I must trust the user to do it... How can I avoid the user getting that exception? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
mikhailov
2008-Apr-19 08:46 UTC
Re: InvalidAuthenticityToken exception when deleting cookies
could you try to include prototype in your layout? It''s work for me :) On 16 апр, 02:17, Will Jessop <w...-bdD2QVCtGQZW7IvYoCtsgA@public.gmane.org> wrote:> On 15 Apr 2008, at 19:40, Sergio wrote: > > > The error message is: ActionController::InvalidAuthenticityTokenin > > SessionsController#create > > > Any idea? > > This is Rails CSRF protection kicking in, see: > > http://api.rubyonrails.com/classes/ActionController/RequestForgeryPro... > > Try reloading the page with the form before submitting. > > Will.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thank you, I tried it, but it doesn''t seem to fix the error. On 19 abr, 10:46, mikhailov <mikhailov.anat...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> could you try to include prototype in your layout? It''s work for me :) > > On 16 апр, 02:17, Will Jessop <w...-bdD2QVCtGQZW7IvYoCtsgA@public.gmane.org> wrote: > > > On 15 Apr 2008, at 19:40, Sergio wrote: > > > > The error message is: ActionController::InvalidAuthenticityTokenin > > > SessionsController#create > > > > Any idea? > > > This is Rails CSRF protection kicking in, see: > > >http://api.rubyonrails.com/classes/ActionController/RequestForgeryPro... > > > Try reloading the page with the form before submitting. > > > Will.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Apparently Analagous Threads
- ActionController::InvalidAuthenticityToken in LoginController
- Error: "ActionController::InvalidAuthenticityToken"
- InvalidAuthenticityToken problems with my login form
- Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
- CSRF protection in rails 2.3.11