Active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview


After switching to active_record_store to host sessions, I now get the
following errors:

ActionController::InvalidAuthenticityToken in Pages#edit
Showing app/views/pages/edit.html.erb where line #5 raised:

No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session

Extracted source (around line #5):

3: <%= error_messages_for :page %>
5: <% form_for(@page) do |f| %>

7: Name

8: <%= f.text_field :name %>

RAILS_ROOT: C:/www/rails_apps/myapp

Application Trace | Framework Trace | Full Trace
form_authenticity_token' (eval):2:insend’
(eval):2:in form_authenticity_token' app/views/pages/edit.html.erb:5:in_run_erb_47app47views47pages47edit46html46erb’

Do I need to do something else besides create the database table and
uncomment the line in config/environment.rb?


Hello riles01, you have run your application with cookies
authentication mode and, thus, will remain sessions in your cookies.
Delete your cookies and it will work.


sorry, it seem work well, but no. in your environement.rb you have :

config.action_controller.session = {
:session_key => ‘_myapp_session’,
:secret => ‘secretpass’

config.action_controller.session_store = :active_record_store

and add in your app/controller/application.rb
protect_from_forgery :secret => ‘secretpass’

and all work well.