Hello all. Got an Internal Rails 2.1.1 app. It is on an intranet and the computers accessing it do not access any other websites. I am getting a _lot_ of invalid authenticity errors. All the pages that are generating the errors are using the rails Form builder helpers with standard POST actions. So I don't see how I would be creating so many errors. I am considering turning this feature off all together, as cross site scripting is basically impossible if your PC doesn't connect to the Internet or any other website. But I would like to know if there is anything I should be looking for as to why I am getting so many of these errors. Where should I start? Mikel
on 2009-01-01 08:31
on 2009-01-01 22:01
Hi! i've got the same (or similar i'm not totally sure) error some time ago. In my case the reason was a stupid usage of caching. I used a partial-cache around a link_to-helper which used an authenticity- token. This token gets outdated after a few hours (or days)...
on 2009-02-02 22:02
I'm on 2.2.2 and having this same issue. I don't cache formed pages. All forms on the website give these token errors after submission after the users session expires. I'm using form helpers. My key was made by scaffold and is long and complex. These forms have worked for months as they are. I'm using activerecord sessions. Refreshing the form doesn't help, not even quitting IE and going back helps. Only restarting server software allows you to use the forms again.