I recently closed session data in a cookie to store it in the database.
Now every ActionController :: InvalidAuthenticityToken error occurs with each POST request, it is only in Firefox, and only on my home machine (I work in the same version of FF And everything was fine). This makes me believe that something like this happened with some deleted cookies yesterday ...
Here is a relevant part of the environment. Rb:
# Confirm Your Secret Key Cookie Session Data Integrity # If you change this key, all old sessions will be invalid! # Ensure that there are at least 30 characters in the secret and all are random, # no regular words or you will be exposed to dictionary attacks. Config.action_controller.session = {: session_key = & gt; '_basillslam_session' ,: secret = & gt; '373ee5b69a4a31d3318485fs368c41fac6b797a1f5c35694b49bd49de7aeea56c9ffa1af2d8386bafe857220cafacfa0028f01be357d78'} # Use the database for sessions instead of the cookie-based default, which should not be used to store highly confidential information # (create a session table with 'rake db: session: create') Config_action_controller Session_store =: active_record_store in application.rb:
protect_from_forgery: secret = & gt; 'F1d54db45b47ec94a6a54b1e744fafa6' Here is part of the full trace where the error is thrown:
c: / instan ~ 1 / dark red / lib / Dark red / gemstone / 1.8 / gemstone / actionpack-2.0.2 / lib / action_controller / request_forgery_protection.rb: 79: `verify_authenticity_token 'in C: /INSTAN~1/ruby/lib/ruby/gems/1.8/gems /actionpack-2.0.2 /lib/action_controller/filters.rb:469:in 'Send!' C: /INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb: 469: In `call ': C: / INSTAN ~ 1 / ruby / Lib / ruby / gemstone / 1.8 / gemstone / action pack -0.0.2 / lib / action_controller / filter RB: 441: In 'run': /INSTAN~1/ruby/lib/ruby/gems/1.8/ Games / ActivitiesPak-2.0.0.2 / lib / action_controller / filters.rb: 716: `run_before_filters' in C: / INSTAN ~ 1 / ruby / lib / ruby / gems / 1.8 / gems / actionpack-2.0.2 / lib / action_controller / filter.rb: 695: `call_filters' in C: / INSTAN ~ 1 / ruby / lib / ruby / gems / 1.8 / gems / actionpack-2.0.2 / lib / action_controller / filters.rb: 689c 'in_st_unction_action_without_benchmark': / Instan ~ 1 / dark red / lib / dark red / gemstone / 1.8 / gemstone / actionpack- 2.0.2 / lib / action_controller / benchmarking.rb: 68: `in action_action_without_rescue C: /INSTAN~1/ruby/lib/ruby/1.8/benchmark .rb: 293: in` solution 'C: / INSTAN ~ 1 / Ruby / lib / ruby / gems / 1.8 / gems / actionpack-2.0.2 / lib / action_controller / benchmarking.rb: 68: `in the action_action_without_rescue 'C: / INSTAN ~ 1 / ruby / lib / ruby / ge Ms / 1.8 / gems / actionpack-2.0.2 / lib / action_controller / rescue.rb: 199: in `display_ action_without_caching 'C: /INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0. 2 / lib / action_controller/caching.rb: 678: In 'Display_Action': / INSTAN ~ 1 / Ruby / Lib / ruby / gems / 1.8 / gems / activerecord-2.0.2 / lib / active_record / connection_adapters / abstract / Query_cache.rb: 33: In 'cache': /INSTAN~1/ruby/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/query_cache.rb:8:in 'cache' [etc. . ...] Has anyone experienced before this? Or does anyone know why this may be happening?
What happened to me at the same time, when I got my site in my home page for that site Firefox browser Remove RailSession Cookies from
This only occurs when you already have a session that used cookie store, so hopefully, only you and your browser will ever see this issue. After deleting the cookie, you will not see the error again.
With a session in the database and in browser cookies, there is only one random key to map to that session, session security magic is no longer necessary.
Comments
Post a Comment