similar to: active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

Hi All, I get this strange problem with newly scaffolded apps - I''d really appreciate any help in this regard. /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/ active_support/message_verifier.rb:46:in `block in secure_compare'' /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/ active_support/message_verifier.rb:45:in `each''

What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it''s (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => ''_apps_session'', :secret =>

I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post ''create'', {:usuario => {:nombre =>

When you generate a default Rails app, it puts this in application.html.erb: <%= csrf_meta_tags %> It does this so the remote forms can be submitted--i.e., so JavaScript can submit a form. When jquery-rails is about to submit a form, it looks for the <meta> tags named "csrf-param" and "csrf-token" and from them it constructs a hidden

Hi, After a bunch of snooping in AWDWR and Railsguides I can''t reach a good understanding to the following question: What is a session stored via the active_record_store option unique to? In other words, how does rails bind the user to their session under the active_record_store option? This concern has arisen in the following way... ...I have two use levels in my app: 1) authenticated

Hi All, I am new to Rails and learning rails reading ebook ''Agile web development using rails''. I am doing samples given in this book chapter by chapter. but I stuck when I come to Sessions chapter, they have given that to enable session to be Database based the line config.action_controller.session_store = :active_record_store is to be uncommented from config/environment.rb

I would like to integrate the uploadify plugin with a standard rails form. However I can''t figure out how to add a new field and have it get submitted with the file upload. I added a name field into the form, but the valued does not get submitted. <% dialog_file_description = ''Photos'' allowed_extensions = [:jpg, :jpeg, :gif, :png] max_size = 20.megabyte

Hi, There doesn''t seem to be any previous posts about this problem, I must be setting things up wrongly at very basics... Firstly, the problem... I can''t get session[] to persist with active_record_store. I enabled (config.action_controller.session_store = :active_record_store) in environment.rb and created the sessions table at my MySQL database. When I do a session[:blah] =

Hello, Running Ruby 1.8.6 and Rails 2.2.2 against an Oracle XE database (sigh). I just upgraded Rails from 1.2.3 to 2.2.2, which made my cookie based system for storing session information to error out due to the 4Kb limit. So, I tried to turn on the active_record_store system by un- commenting out the "config.action_controller.session_store = :active_record_store" line in

Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I am having a problem using the exception_logger plugin when I have protect_from_forgery enabled. Here is the line from application.rb: protect_from_forgery :secret => ''xxxx'' But I am getting: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Now, if I remove the secret and try and

Should this be working in development mode? For some reason it doesn''t. regards, John

I am a newbie to Rails, coming from a PHP shop, so please excuse my ignorance. I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The rails app makes paypal api calls and the php app makes curl post calls to the rails app with information from a shopping cart. How can I make this work with protect_from_forgery? I basically want to pass my own auth token from the php app (or any

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I''m getting ActionController::InvalidAuthenticityToken on the ajax

Can I get some +1s for this tiny patch? It fixes ActiveRecordHelper::form, which is broken by default in new applications created with Rails 2.0. http://dev.rubyonrails.org/ticket/10739 Jeremy --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

I have created ActiveRecord session store in a rails 3 project: > rake db:sessions:create > rake db:migrate then Myapp::Application.config.session_store :active_record_store, :key => ''_myapp_session'' in initializers/session_store.rb and it all works. Now the question: how do I list ALL active sessions? -- You received this message because you are subscribed to the