How often is the authenticity token updated?
The latest error that I got was a submittal of a form, an model
validation occured, I click back, make the correction, resubmit the
form, then I get an InvalidAuthenticityToken error.
Somewhat off topic
If a person is using the authenticity tokens is there still a need to
use some sort of captcha?
Thanks
On 22 May 2008, at 19:03, Chris O. wrote:
How often is the authenticity token updated?
The latest error that I got was a submittal of a form, an model
validation occured, I click back, make the correction, resubmit the
form, then I get an InvalidAuthenticityToken error.
They are tied to the session id (non cookie store) or from the crsf_id
in the session (cookie store). if something is killing the session
that will do it
Somewhat off topic
If a person is using the authenticity tokens is there still a need to
use some sort of captcha?
captcha and authenticity tokens are for completely different things.
Authenticity tokens are for guarding against crsf attacks, captchas
are for preventing computer programs automatically doing stuff with
your web app.
Fred
Hi,
I’m also getting InvalidAuthenticityToken errors. Usually this happens
after some time. I was doing the usual gets and posts, then after some
time I’ll get an InvalidAuthenticityToken error. My logs showed that
the tokens are exactly the same. Does this mean that the authenticity
token is tied to the sessions? When the session ends, the authenticity
token needs to be renewed?
Zan
On May 23, 2:09 am, Frederick C. [email protected]