ActionController::InvalidAuthenticityToken?


#1

Hi-

I am trying to use AJAX calls to log in to and log out of my Rails app so
that the form renders in the sidebar when you are not logged in, and
your “profile” renders if you are.

It all works, but when you log out and try to log back in, you get
“ActionController::InvalidAuthenticityToken” in the development.log.

What does this mean? I can’t figure out how to fix this.

Thanks!


#2

http://alwaysmovefast.com/2008/01/30/ajax-in-rails-with-authenticity-token/


James M.


#3

What if I’m using the cookie_session_store?


#4

Also, if you refresh the page, the problem is fixed. I don’t
understand this…

Thanks for your feedback.


#5

The generated token is a one-time-use token. So, if the page is
rendered, and the token value is stored on the page, but you interact
with the app via ajax, that token becomes invalid. It’s a way to
guarantee that the page rendered was the one submitted and prevents
duplicate posting whether on purpose or via the back button.

You’ll have to update the form with a new token as part of the ajax
interaction.


James M.
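
A plain-Ruby model of the symptom in this thread, added here as an example; it is not code from any poster or from Rails. It assumes the authenticity token is kept in the session and that logout resets the session; `ToyApp` and `replay` are hypothetical names.

```ruby
require "securerandom"

# Constructed model, not Rails code. Assumptions: the token lives in the
# session and logout resets the session. ToyApp and replay are hypothetical.
class InvalidAuthenticityToken < StandardError; end

class ToyApp
  def initialize
    @session = {}
  end

  # Plays the role of form_authenticity_token: one token per session.
  def form_authenticity_token
    @session[:csrf_token] ||= SecureRandom.base64(32)
  end

  def login(token)
    verify!(token)
    @session[:user] = "pete"
    :logged_in
  end

  # Ajax logout: reset the session, then return the new session's token.
  def logout(token)
    verify!(token)
    @session = {}
    form_authenticity_token
  end

  private
  # Constant-time comparison against the current session's token.
  def verify!(token)
    expected = form_authenticity_token
    diff = token.to_s.bytesize ^ expected.bytesize
    token.to_s.bytes.zip(expected.bytes) { |a, b| diff |= a ^ b.to_i }
    raise InvalidAuthenticityToken unless diff.zero?
  end
end

# Replays the thread: page load, login, Ajax logout, second login.
def replay(use_fresh_token)
  app = ToyApp.new
  page_token = app.form_authenticity_token # embedded at page render
  app.login(page_token)
  fresh_token = app.logout(page_token)
  app.login(use_fresh_token ? fresh_token : page_token)
rescue InvalidAuthenticityToken
  :rejected
end
```

Under these assumptions, `replay(false)` resubmits the token from the original page render and is rejected, while `replay(true)` submits the token returned by the logout response and succeeds, which is also why a full page refresh clears the error.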


#6

Ah, ok, so the suggestion is to add a hidden field with the <%=
form_authenticity_token %> in it?

Thanks again, I’ve been messing with this all day…


#7

pete wrote:

Ah, ok, so the suggestion is to add a hidden field with the <%=
form_authenticity_token %> in it?

Thanks again, I’ve been messing with this all day…

Did you solve your problem?

I’m having the same trouble, but in my source html page I can see the
token there:

No matter which action I call, it never fires. I suppose Rails is
intercepting and stopping it because of the token problem.

Any ideas?

thanks,

r.