Hi-

I am trying to use AJAX calls to login and logout of my Rails app so that the form renders in the side bar when you are not logged in, and your "profile" renders if you are.

It all works, but when you logout, and try and log back in, you get "ActionController::InvalidAuthenticityToken", in the development.log.

What does this mean, I can't figure out how to fix this??

Thanks!

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

http://alwaysmovefast.com/2008/01/30/ajax-in-rails-with-authenticity-token/

--
James Mitchell

On Sat, Nov 29, 2008 at 9:53 PM, pete <peterbattaglia-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi-
>
> I am trying to use AJAX calls to login and logout of my Rails app so
> that the form renders in the side bar when you are not logged in, and
> your "profile" renders if you are.
>
> It all works, but when you logout, and try and log back in, you get
> "ActionController::InvalidAuthenticityToken", in the development.log.
>
> What does this mean, I can't figure out how to fix this??
>
> Thanks!

What if I'm using the cookie_session_store?

On Nov 29, 8:24 pm, "James Mitchell" <jmitc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> http://alwaysmovefast.com/2008/01/30/ajax-in-rails-with-authenticity-...
>
> --
> James Mitchell

Also, if you refresh the page, the problem is fixed. I don't understand this...

Thanks for your feedback.

On Nov 29, 8:41 pm, pete <peterbattag...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> What if I'm using the cookie_session_store?

The generated token is a one time use token. So, if the page is rendered, and the token value is stored on the page, but you interact with the app via ajax, that token becomes invalid. It's a way to guarantee that the page rendered was the one submitted and prevents duplicate posting whether on purpose or via the back button.

You'll have to update the form with a new token as part of the ajax interaction.

--
James Mitchell

On Sat, Nov 29, 2008 at 11:06 PM, pete <peterbattaglia-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Also, if you refresh the page, the problem is fixed. I don't
> understand this...
>
> Thanks for your feedback.

Ah, ok, so the suggestion is to add a hidden field with the <%= form_authenticity_token %> in it?

Thanks again, I've been messing with this all day...

On Nov 29, 9:25 pm, "James Mitchell" <jmitc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> The generated token is a one time use token. So, if the page is
> rendered, and the token value is stored on the page, but you interact
> with the app via ajax, that token becomes invalid. It's a way to
> guarantee that the page rendered was the one submitted and prevents
> duplicate posting whether on purpose or via the back button.
>
> You'll have to update the form with a new token as part of the ajax interaction.
>
> --
> James Mitchell
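
The symptom discussed in this thread (an AJAX login fails after an AJAX logout until the page is refreshed) can be reproduced with a small model, added here as an illustration; it is not code from any poster or from Rails itself. It assumes the token is stored in the session and that the logout action resets the session; `ToySession` and `simulate` are hypothetical names.

```ruby
require 'securerandom'

# Minimal stand-in for a session-bound authenticity token (not Rails code).
class ToySession
  def initialize
    @data = {}
  end

  # Same idea as form_authenticity_token: created once per session, then reused.
  def form_authenticity_token
    @data[:_csrf_token] ||= SecureRandom.hex(20)
  end

  # Assumption: the logout action resets the session, discarding the token.
  def reset!
    @data = {}
  end

  # Constant-time comparison of the submitted token with the session's token.
  def verified_request?(submitted)
    expected = form_authenticity_token
    return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize
    diff = 0
    expected.bytes.zip(submitted.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Walks through login -> AJAX logout -> AJAX login, with and without copying
# the fresh token from the AJAX response into the page's hidden field.
def simulate(refresh_token_in_ajax_response:)
  session = ToySession.new
  page_token = session.form_authenticity_token   # embedded when the page renders
  results = { first_login: session.verified_request?(page_token) }

  results[:logout] = session.verified_request?(page_token)
  session.reset!                                  # logout clears the session
  fresh = session.form_authenticity_token         # token for the re-rendered form
  page_token = fresh if refresh_token_in_ajax_response

  results[:second_login] = session.verified_request?(page_token)
  results
end
```

With `refresh_token_in_ajax_response: false` the second login is rejected, which matches the error in development.log; re-rendering the hidden field from the AJAX response has the same effect as the full page refresh.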

pete wrote:
> Ah, ok, so the suggestion is to add a hidden field with the <%= form_authenticity_token %> in it?
>
> Thanks again, I've been messing with this all day...

Did you solve your problem?

I'm having the same trouble, but in my source html page I can see the token there:

    <form action="/expedients/sdsfds?tokens=" method="post" onsubmit="new Ajax.Updater('div_listd', '/expedients/sdsfds?tokens=', {asynchronous:true, evalScripts:true, insertion:'bottom', parameters:Form.serialize(this)}); return false;">
    <div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="c5fb066b9a3370e15f94154cc2140759d40f079c" /></div>

No matter which action I call, it never fires. I suppose Rails is intercepting and stopping it because of the token problem.

Any ideas?

thanks,

r.

--
Posted via http://www.ruby-forum.com/.