Forum: Ruby on Rails Invalid Authenticity Token?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Richie (Guest)
on 2009-03-27 08:08
(Received via mailing list)
Hi guys,

Before I explain anything here's my setup:

Mac OS X
Ruby 1.8.7 from source, RubyGems, Rails 2.3.2, MySQL from source, the
ruby mysql adapter gem and mongrel.
Firefox 3.07

I'm new to rails and happily understanding everything as I follow
through the pragmatic programmers depot application tutorial from
their 'agile development with rails v3 p1.0' but one thing has me
completely stumped. I am onto the section where we're storing the cart
items in the session store, specifically this store is the db. Now
when I run rake db:sessions:create & migrate then change the
session_store initializer in the environments folder to use the active
record store things just break! So here's an excerpt from the code:

  def add_to_cart
    product = Product.find(params[:id])
    @cart = find_cart
    @cart.add_product(product)
  end

  private

  def find_cart
    session[:cart] ||= Cart.new
  end

Easy enough it seems however when the action 'add_to_cart' is called I
get a nasty page showing an invalid authenticity token. Here's the
request params: {"authenticity_token"=>"x4KicmZNjfb9c+X6prUPu6XLe8QfjB/
uRN+PR0+TNWc=",
 "id"=>"6"}

So that seems straight forward enough - there is an authenticity token
but it's invalid for some reason. I then tried setting the development
environment variable config.action_controller.allow_forgery_protection
to false which made functionality appear to work, however... when
monitoring the db it seems that every time I click add to cart a new
session is created!! I'm completely stumped because when I revert so
the session store is using the default cookiestore things work great
and the items I expect to appear in my cart until the session data is
greater than 4kb then it breaks again but that's understandable as we
shouldn't be storing objects in the cookie session data so is this
then a problem with this release of rails?

Any help is much appreciated I just want to get rocking with rails now
and this has held me back all day!

Thanks in advance

Kind Regards
Richard Delph
Richie (Guest)
on 2009-03-27 08:12
(Received via mailing list)
oops, the last paragraph should read:

"I'm completely stumped because when I revert back so the session
store is using the default cookiestore things work great and the items
I expect to appear in my cart do, until the session data is greater
than 4kb then it breaks again but that's understandable as we
shouldn't be storing objects in the cookie session data. so this leads
to the question is this then a problem with this release of rails?"
Flower B. (Guest)
on 2009-03-27 08:29
(Received via mailing list)
Hi,

I doubt this is related to a known bug of latest releases, check it
here:
https://rails.lighthouseapp.com/projects/8994/tick...

I got the same invalid token error as you described, and everything
works well again after I downgrade to 2.3.0

- Jan

* Richie <removed_email_address@domain.invalid> [2009-03-26 23:11:42 -0700]:
Richie (Guest)
on 2009-03-27 10:04
(Received via mailing list)
Had a read through that but couldn't find anything about what's
happening here, thanks for posting appreciated.  I'm thinking of just
starting the app again in rails 2.2.2 it would only take 30 mins to
get where I'm at, at least then I could follow the tutorial in the
book and upgrade to rails 2.3.2 when I know a more about it, the only
downside is that I'm then a version behind the current release or is
that even a problem?
Fernando P. (Guest)
on 2009-03-30 20:08
Richie wrote:
> Had a read through that but couldn't find anything about what's
> happening here, thanks for posting appreciated.  I'm thinking of just
> starting the app again in rails 2.2.2 it would only take 30 mins to
> get where I'm at, at least then I could follow the tutorial in the
> book and upgrade to rails 2.3.2 when I know a more about it, the only
> downside is that I'm then a version behind the current release or is
> that even a problem?

Hi, since I upgraded my app to run on Rails 2.3.2 I am having lots of
invalid authenticity token errors.

It happens, when:
- I launch my server in dev mode
- go to a page of my app that has a form (cookie gets set)
- submit form, everything works
- clear all my cookies in firefox
- refresh the page where I had the working form, a new cookie gets set
- submit form, it fails
- clear cookies and restart the server
- refresh page with form
- send form, it works again until I clear the cookie

Something got broken! Is it related to the 2.3.2.1 tag problem as in my
"gem list" I see versions 2.3.2 of gems.
Fernando P. (Guest)
on 2009-03-30 20:12
Cool, lighthouse seems down at the moment so I can't check the tickets,
and I cannot update my gems either because gems.github.com is timing out
too.
This topic is locked and can not be replied to.