Active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview

After switching to active_record_store to host sessions, I now get the
following errors:

ActionController::InvalidAuthenticityToken in Pages#edit
Showing app/views/pages/edit.html.erb where line #5 raised:

No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).

Extracted source (around line #5):

2:
3: <%= error_messages_for :page %>
4:
5: <% form_for(@page) do |f| %>
6:


7: Name

8: <%= f.text_field :name %>

RAILS_ROOT: C:/www/rails_apps/myapp

Application Trace | Framework Trace | Full Trace
c:/www/ruby/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/
action_controller/request_forgery_protection.rb:101:in
form_authenticity_token' (eval):2:insend’
(eval):2:in form_authenticity_token' app/views/pages/edit.html.erb:5:in_run_erb_47app47views47pages47edit46html46erb’

Do I need to do something else besides create the database table and
uncomment the line in config/environment.rb?

Hello riles01, you have run your application with cookies
authentication mode and, thus, will remain sessions in your cookies.
Delete your cookies and it will work.

sorry, it seem work well, but no. in your environement.rb you have :

config.action_controller.session = {
:session_key => ‘_myapp_session’,
:secret => ‘secretpass’
}

uncomment
config.action_controller.session_store = :active_record_store

and add in your app/controller/application.rb
protect_from_forgery :secret => ‘secretpass’

and all work well.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs