How to handle InvalidAuthenticityToken

sprite · April 14, 2009, 12:54am

Scenario:

Log in a user.
Go to a page with a form.
Open a new tab and log out the user.
Go back to previous tab and submit form.
It throws InvalidAuthenticityToken before getting to my login code.
I need to redirect the user to a log in screen. What’s the best way to
capture this and handle this?

sprite · April 14, 2009, 1:15am

If anyone else is running into this issue here is how I ended up
handling it

gist.github.com

https://gist.github.com/94801

gistfile1.txt

class ApplicationController < ActionController::Base
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token

  def bad_token
    flash[:notice] = "Your session has expired."
    respond_to do |accepts|
      accepts.html do
        store_location
        redirect_to(:controller => '/sessions', :action => 'new') and return false
      end

This file has been truncated. show original