Forum: Ruby on Rails ActionController::InvalidAuthenticityToken?

pete (Guest)
on 2008-11-30 04:54
(Received via mailing list)
Hi-

I am trying to use AJAX calls to log in to and log out of my Rails app so
that the form renders in the sidebar when you are not logged in, and
your "profile" renders if you are.

It all works, but when you log out and try to log back in, you get
"ActionController::InvalidAuthenticityToken" in the development.log.

What does this mean? I can't figure out how to fix this.

Thanks!
James M. (Guest)
on 2008-11-30 05:25
(Received via mailing list)
pete (Guest)
on 2008-11-30 05:42
(Received via mailing list)
What if I'm using the cookie_session_store?
pete (Guest)
on 2008-11-30 06:07
(Received via mailing list)
Also, if you refresh the page, the problem is fixed.  I don't
understand this...

Thanks for your feedback.
James M. (Guest)
on 2008-11-30 06:26
(Received via mailing list)
The generated token is a one time use token.  So, if the page is
rendered, and the token value is stored on the page, but you interact
with the app via ajax, that token becomes invalid.  It's a way to
guarantee that the page rendered was the one submitted and prevents
duplicate posting whether on purpose or via the back button.

You'll have to update the form with a new token as part of the ajax
interaction.


--
James M.
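
The login, logout, login sequence from this thread as an added example (not code from any poster and not Rails source): a simplified Ruby model that assumes the token is stored in the session and that the logout action resets the session. `SidebarApp`, `attempt` and `login_logout_login` are hypothetical names.

```ruby
require "securerandom"

class InvalidAuthenticityToken < StandardError; end

# Simplified model of a session-bound CSRF check (hypothetical, not Rails code).
class SidebarApp
  def initialize
    @session = {}
  end

  # The value a rendered form carries in its hidden authenticity_token field.
  def form_authenticity_token
    @session[:csrf_token] ||= SecureRandom.hex(20)
  end

  def login(token)
    verify!(token)
    @session[:user] = "pete" # constructed sample user
    { authenticity_token: form_authenticity_token }
  end

  def logout(token)
    verify!(token)
    @session = {} # assumption: logout resets the session, discarding the token
    { authenticity_token: form_authenticity_token } # new token for the client
  end

  private

  # Compare without stopping at the first differing byte.
  def verify!(submitted)
    given, expected = submitted.to_s, @session[:csrf_token].to_s
    same = !expected.empty? && given.bytesize == expected.bytesize &&
           given.bytes.zip(expected.bytes).map { |a, b| a ^ b }.inject(0, :|).zero?
    raise InvalidAuthenticityToken unless same
  end
end

def attempt
  yield
  :accepted
rescue InvalidAuthenticityToken
  :rejected
end

def login_logout_login
  app = SidebarApp.new
  page_token = app.form_authenticity_token # rendered once into the sidebar form
  app.login(page_token)
  reply = app.logout(page_token)
  stale = attempt { app.login(page_token) }                 # form left untouched
  fresh = attempt { app.login(reply[:authenticity_token]) } # form patched from the AJAX reply
  [stale, fresh]
end
```

In this model a full page refresh has the same effect as patching the form, because the re-rendered form picks up the current session's token.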
pete (Guest)
on 2008-11-30 06:53
(Received via mailing list)
Ah, ok, so the suggestion is to add a hidden field with the <%=
form_authenticity_token %> in it?

Thanks again, I've been messing with this all day...
Mongeta 9. (Guest)
on 2009-02-10 19:19
pete wrote:
> Ah, ok, so the suggestion is to add a hidden field with the <%=
> form_authenticity_token %> in it?
>
> Thanks again, I've been messing with this all day...


Did you solve your problem?

I'm having the same trouble, but in my source html page I can see the
token there:

<form action="/expedients/sdsfds?tokens=" method="post" onsubmit="new
Ajax.Updater('div_listd', '/expedients/sdsfds?tokens=',
{asynchronous:true, evalScripts:true, insertion:'bottom',
parameters:Form.serialize(this)}); return false;"><div
style="margin:0;padding:0"><input name="authenticity_token"
type="hidden" value="c5fb066b9a3370e15f94154cc2140759d40f079c" /></div>


No matter which action I call, it never fires. I suppose Rails is
intercepting and stopping it because of the token problem.

Any ideas?

thanks,

r.