Forum: Ruby on Rails Moving Back From ActiveRecord Session Store to cookie

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
John K. (Guest)
on 2008-11-05 16:54
(Received via mailing list)
A couple months ago I moved from storing sessions in the default cookie
store to active_record.  Now I kind of want to move back because I am
sure I see any benefit of it but many negatives i.e. it is not easy on
over taxed DB server as is.
The problem is that I thought it was going to be as easy as just
the switch back.  But it seems to not be that simple.  Once I flipped
switch I started getting InvalidAuthenticityToken errors on pretty much
every single form on the site.  Before hand I never really got these
(but I did sometimes, anyone know why sometimes they would appear and
other times on the same form) and now I am getting them?  How would you
cleanly move back from active_record store to cookie?

I really appreciate everyone's input.

John K.

Fernando P. (Guest)
on 2008-11-05 18:40
You have to:
1) in application.rb, comment :secret => ..., so you just leave
"protect_from_forgery" uncommented
2) in config/environment.rb, uncomment (or put back)
config.action_controller.session = { ... }

And you're all set.
This topic is locked and can not be replied to.