I have a 2.0.2 app that I’m developing locally using Mongrel. I’m using
active_record_store for sessions and have uncommented the secret in the
protect_from_forgery call. Everything works fine locally.
I uploaded the app to my server yesterday so I could show some progress
to a client. The server is running LiteSpeed Standard 3.3.11. The app
works correctly in Firefox, but not in Safari (3.1.1 Mac). I tracked the
problem down to the session_id cookie not being created in Safari, so a
new session is created on every server hit and I get blasted with
InvalidAuthenticityToken errors.
Since I have cookies enabled in Safari (it’s my primary browser), my
first thought was LiteSpeed is not writing cookies to Safari correctly,
if that’s even reasonable. To test that theory, I launched another
application that I have had on that server for many months and has been
working fine. But to be thorough, I made sure it wrote a cookie
correctly. The odd thing is that it’s a Rails 1.2.3 application, but is
using the cookie session store. Since cookies work correctly in the
1.2.3 app but not in the 2.0.2 app, I’m inclined to think this is a
Rails problem and not a LiteSpeed one.
Has anyone else experienced this? I have not yet been able to find any
related posts via this forum or Google, but I might not have hit on the
right search term combination yet.
Any help or direction will be very much appreciated.
Peace,
Phillip