hey all. I’m using the hidden authenticity_token system in my rails
app. This is designed as a security measure but sometimes it kicks off
in response to fairly innocent user actions like clicking the back
button and then submitting a form, or submitting a form after the server
has just been restarted, or whatever.
That’s not really important (i don’t want to debate whether the above
should cause authenticity token fails). What is important is that it’s
going to happen sometimes in response to non-hostile user actions, and
when it happens i don’t want it to result in a crash screen for the
user: instead, something more friendly should happen.
I’m catching the exception with rescue_from, so from a technical point
of view i’m good, but now i can’t work out what the best thing to
actually do is. What i’m doing as a baseline is just sending them to
the homepage with an error message in flash[:error]. This works from a
security point of view, and is much better than a 500 page, but i feel
like i could do something better. Any ideas? Is there a standard
practise for this?
grateful for any advice - max