Forum: Ruby on Rails InvalidAuthenticityToken error with db sessions

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
sa 1. (Guest)
on 2009-02-25 15:13
I added login to my app and storing the sessions in the db. I
un-commented the "config.action_controller.session_store =
:active_record_store" line in the environment.rb file, and the :secret
in the application.rb file.

Now, when I try to login I get the error InvalidAuthenticityToken.
Here's my login form:

<% form_for :user, :url => { :action => 'do_login' } do |f| %>
  <p>user: <%= f.text_field :user_name %></p>
  <p>pass: <%= f.password_field :password %></p>
  <%= f.submit 'login' %>
<% end %>


I checked the markup and the hidden field with the token appears. I'm
baffled on what keep causing this error - and would appreciate any help.
sa 1. (Guest)
on 2009-02-25 15:43
sa 125 wrote:
> I added login to my app and storing the sessions in the db. I
> un-commented the "config.action_controller.session_store =
> :active_record_store" line in the environment.rb file, and the :secret
> in the application.rb file.
>
> Now, when I try to login I get the error InvalidAuthenticityToken.
> Here's my login form:
>
> <% form_for :user, :url => { :action => 'do_login' } do |f| %>
>   <p>user: <%= f.text_field :user_name %></p>
>   <p>pass: <%= f.password_field :password %></p>
>   <%= f.submit 'login' %>
> <% end %>
>
>
> I checked the markup and the hidden field with the token appears. I'm
> baffled on what keep causing this error - and would appreciate any help.

I should also mention that the exact error is:

ActionController::InvalidAuthenticityTokem in LoginController#do_login

--
and in the controller:

def do_login
  if request.post?
    user = User.authenticate(params[:user_name], params[:password])
    if user
      session[:user_id] = user.id
      redirect_to home_page
    else
      flash.now[:notice] = "Invalid user/password - please try again"
    end
  end
end


thanks.
MaD (Guest)
on 2009-02-25 16:17
(Received via mailing list)
i answered to this in your other thread...
sa 1. (Guest)
on 2009-02-25 19:00
Right, sorry. Thought it might deserve a seperate thread. Here's the
other post if someone wondered here looking for an answer:
http://www.ruby-forum.com/topic/179690#786710
This topic is locked and can not be replied to.