thr3ads.net - Rails - protect_from_forgery and page caching issue [Jul 2008]

If this information is useful, please help other people find it:
Share via:

de Villamil Frédéric

2008-Jul-22 15:01 UTC

protect_from_forgery and page caching issue

Hello,

Using Rails 2.0.2, I have an issue with page caching and  
protect_from_forgery :

In application.rb, I have this
protect_from_forgery :secret =>  
''1c8b953667056f1a3c324d6b369f6158'', :only => [:create,
:edit, :update]

In my generated page, I have both

//<![CDATA[
3window._token = ''8d171d263aa1b98e74e79e44d34c16d3afe63a82''
4//]]>

in the header, and

<form action="/2007/05/01/test-picture-on-the-right/comments"  
class="comments" id="commentform" method="post"
onsubmit="new
Ajax.Updater({success:''commentList''},
''/2007/05/01/test-picture-on-the-
right/comments'', {asynchronous:true, evalScripts:true,  
insertion:Insertion.Bottom, onComplete:function(request) 
{complete(request)}, onFailure:function(request){failure(request)},  
onLoading:function(request){loading()},  
parameters:Form.serialize(this)}); return false;"><div
style="margin:
0;padding:0"><input name="authenticity_token"
type="hidden"
value="97a06903e4515f5d3c60efe839f45f274596750c" /></div>
And still in application controller
     if !session session :session => new end

Unfortunately, I keep having error 500 everytime I try to post a  
comment. Here is the error dump :
NoMethodError (undefined method `session_id'' for {}:Hash): /vendor/ 
rails/actionpack/lib/action_controller/request_forgery_protection.rb: 
126:in `authenticity_token_from_session_id'' /vendor/rails/actionpack/ 
lib/action_controller/request_forgery_protection.rb:108:in  
`form_authenticity_token'' /vendor/rails/actionpack/lib/ 
action_controller/request_forgery_protection.rb:98:in  
`verified_request?'' /vendor/rails/actionpack/lib/action_controller/ 
request_forgery_protection.rb:86:in `verify_authenticity_token''

Any idea about what happens ?
Regards,
Frédéric
-- 
Frédéric de Villamil
frederic-uV7UWT2Tqr1Z+3ve0T2cjA@public.gmane.org                        tel: +33
(0)6 62 19 1337
http://fredericdevillamil.com             Typo : http://typosphere.org


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Rails - Jul 2008 - protect_from_forgery and page caching issue

protect_from_forgery and page caching issue