I just changed my session store to use active record because it
appears session expiration and so on may be easier that way and it
seems like a better option.
In my base controller I have:
protect_from_forgery :secret => 'hgfjh…kjhghglh' (whatever)
self.allow_forgery_protection = false
I had commented those out during development because certain actions
would error out because of these.
For instance, I think I called remote_function() from JavaScript and
just added :width=>something.
That added width into params, but I guess since it wasn’t part of the
routing the forgery protection flagged an error on it, is my guess.
Is the best way to go through and try to fix the routing for
everything? I guess that might be the way I have to do it. I wanted
to check if I really need to do that for security, as it’s sort of a
pain in the neck to have to try to test all the methods, fix the
routing and such …