similar to: InvalidAuthenticityToken when using Mechanize

I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I''m getting ActionController::InvalidAuthenticityToken on the ajax

I used to have Simple Captcha installed, but since I removed it I got all kinds of problems with login. Processing UsersController#login (for 188.177.122.179 at 2010-09-19 12:21:09) [POST] Parameters: {"commit"=>"OK", "authenticity_token"=>"/ Y0aZETCsMhyI3CkrZJK6O2NaLEoi+LRe8ZuDPWU9kc=",

All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret =>

My login controller seems to be randomly raising InvalidAuthenticityToken errors. I''m using exception_notifier so I''ve got pretty solid debug output, but I can''t see any pattern to it. They are real users with different IPs and different who sometimes try repeatedly to join or log in and mail me when they can''t, so I don''t think it''s any kind

Hi, I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client by using ActiveResource. From the client, I can find, create, and update resources owned by the web app. However, I can not delete any. Calling the .destroy method in ActiveResource generates a 422 from the web app. Not sure why this would be the case, since I thought protect_from_forgery only protects HTML and JS

I''m trying to create a log in in index.html, but I keep getting an error about InvalidAuthenticityToken. I understand this is something that RoR puts in the forms, and it changes regularly. The problem is that the home page in the public folder is html, and therefore static. has anyone else put a log in on their home page? -- Posted via http://www.ruby-forum.com/.

I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post ''create'', {:usuario => {:nombre =>

Hello, I''ve been testing my project with some manual tests. One of them consists of deleting cookies ("clean personal info" in firefox) just before submit the login form. Then, I get an error. The error message is: ActionController::InvalidAuthenticityToken in SessionsController#create I''m on Rails 2.0.2 with restful_authentication plugin. I''m using

This is my environment.rb # Load the rails application require File.expand_path(''../application'', __FILE__) # Initialize the rails application Qstack::Application.initialize! require ''koala'' This is my application_controller.rb class ApplicationController < ActionController::Base # protect_from_forgery before_filter :parse_facebook_cookies def

If a user that has not yet signed up for Facebook attempts to visit an application page facebook presents them with a registration form. After this form is completed, the application is automatically added to the user''s account and Facebook displays the following message: Welcome George Tesster! Your account has been created. [application] has been added to your account. Facebook also

I''m using exception_notifier to get an email when a 500 error occurs in production. Lately I''m seeing a lot of nonsensical POSTs show up that cause an InvalidAuthenticityToken error. All the fields contain random characters. (For instance, "search_title"=>"BHQWTZpjGeb") Is there a way to detect them and not send the email, while still sending the email in

Hi all, I''m getting some weird behavior. I''m developing on two machines, one with os x and the other with windows xp. I was testing one of my registration forms and it worked fine when mongrel_rails was run on the windows machine, but when mongrel was run on os x it kept throwing "ActionController::InvalidAuthenticityToken". I realized I had forgotten the <%=

Scenario: 1. Log in a user. 2. Go to a page with a form. 3. Open a new tab and log out the user. 4. Go back to previous tab and submit form. 5. It throws InvalidAuthenticityToken before getting to my login code. I need to redirect the user to a log in screen. What''s the best way to capture this and handle this? --~--~---------~--~----~------------~-------~--~----~ You received this

How often is the authenticity token updated? The latest error that I got was a submittal of a form, an model validation occured, I click back, make the correction, resubmit the form, then I get an InvalidAuthenticityToken error. Somewhat off topic If a person is using the authenticity tokens is there still a need to use some sort of captcha? Thanks -- Posted via http://www.ruby-forum.com/.

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

Hi I''ve just uploaded my new website to my server and, after a couple of teething problems, seem to be hitting problems when I am using devise and warden to authenticate users etc. The following is the error message with sensitive information removed: Processing RegistrationsController#create (for 81.111.90.194 at 2010-08-19 21:35:43) [POST] Parameters:

I am trying to write a REST web service testing locally is fine but whane I deploy the server and try test it via curl curl -i -X POST -H ''Content-Type:application/xml'' -d '''' http://mytesteddomain.tld/user/posts/createReference.xml I get an error : ERROR TYPE: ActionController::InvalidAuthenticityToken ERROR MESSAGE:

Hi, I''m having a problem trying to get a login controller working. When I try and post to my login controller I get the following error: ActionController::InvalidAuthenticityToken in LoginController#login login_controller: class LoginController < ApplicationController def login case request.method when :post if @session[''user''] =