How often is the authenticity token updated? The latest error that I got was a submittal of a form, an model validation occured, I click back, make the correction, resubmit the form, then I get an InvalidAuthenticityToken error. Somewhat off topic If a person is using the authenticity tokens is there still a need to use some sort of captcha? Thanks -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2008-May-22 18:09 UTC
Re: Getting InvalidAuthenticityToken errors quite often
On 22 May 2008, at 19:03, Chris Olsen wrote:> > How often is the authenticity token updated? > > The latest error that I got was a submittal of a form, an model > validation occured, I click back, make the correction, resubmit the > form, then I get an InvalidAuthenticityToken error. >They are tied to the session id (non cookie store) or from the crsf_id in the session (cookie store). if something is killing the session that will do it> Somewhat off topic > If a person is using the authenticity tokens is there still a need to > use some sort of captcha?captcha and authenticity tokens are for completely different things. Authenticity tokens are for guarding against crsf attacks, captchas are for preventing computer programs automatically doing stuff with your web app. Fred --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, I''m also getting InvalidAuthenticityToken errors. Usually this happens after some time. I was doing the usual gets and posts, then after some time I''ll get an InvalidAuthenticityToken error. My logs showed that the tokens are exactly the same. Does this mean that the authenticity token is tied to the sessions? When the session ends, the authenticity token needs to be renewed? Zan On May 23, 2:09 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 22 May 2008, at 19:03, Chris Olsen wrote: > > > > > How often is the authenticity token updated? > > > The latest error that I got was a submittal of a form, an model > > validation occured, I click back, make the correction, resubmit the > > form, then I get anInvalidAuthenticityTokenerror. > > They are tied to the session id (non cookie store) or from the crsf_id > in the session (cookie store). if something is killing the session > that will do it > > > Somewhat off topic > > If a person is using the authenticity tokens is there still a need to > > use some sort of captcha? > > captcha and authenticity tokens are for completely different things. > Authenticity tokens are for guarding against crsf attacks, captchas > are for preventing computer programs automatically doing stuff with > your web app. > > Fred--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---