Currently I am using ActiveRecord as the session store, and I have this
(protect_from_forgery :secret => "xxxx") set in ApplicationController. Also,
every five minutes I have a cron job that deletes any session record that
has not been updated for 15 minutes (by checking the updated_at column
value).
The problem is: if I stay on one page editing a long article, then after
20-something minutes, when I click on save, the server throws this error:
ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken).
Most likely the session record is not updated while I am editing
the article, and it gets removed by the cron job.
I have two questions:
- What triggers a session record to get updated in Rails?
- How do I handle this scenario?
Thanks a lot for help.
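
The failure described in the post above, replayed as an added example that is not part of the original post and is not Rails code: a simplified model of a server-side session table with an updated_at column, a 5-minute sweep with a 15-minute idle limit, and a token tied to the session row. The names SessionStore, simulate and keepalive_every are hypothetical, and the rule that every request carrying the session id refreshes updated_at is an assumption of the model.

```ruby
require "securerandom"

# Simplified model (assumption, not Rails internals): each session row holds
# an anti-forgery token and an updated_at timestamp in seconds.
class SessionStore
  Row = Struct.new(:csrf_token, :updated_at)

  def initialize
    @rows = {}
  end

  # Create a session row; return its id and the token embedded in the form.
  def create(now)
    sid = SecureRandom.hex(16)
    @rows[sid] = Row.new(SecureRandom.base64(32), now)
    [sid, @rows[sid].csrf_token]
  end

  # Model assumption: any request carrying the session id refreshes updated_at.
  def touch(sid, now)
    row = @rows[sid]
    row.updated_at = now if row
    row
  end

  # The cron job from the post: drop rows idle for more than max_idle seconds.
  def sweep(now, max_idle = 15 * 60)
    @rows.delete_if { |_, row| now - row.updated_at > max_idle }
  end

  # Form submit: rejected when the row is gone or the token does not match.
  def valid_submit?(sid, submitted_token, now)
    row = touch(sid, now)
    !row.nil? && row.csrf_token == submitted_token
  end
end

# Constructed timeline: form rendered at t=0, saved at t=20 min, sweep every
# 5 min. keepalive_every (seconds) is a hypothetical ping from the edit page.
def simulate(keepalive_every: nil)
  store = SessionStore.new
  sid, token = store.create(0)
  (1..(20 * 60)).each do |t|
    store.touch(sid, t) if keepalive_every && (t % keepalive_every).zero?
    store.sweep(t) if (t % 300).zero?
  end
  store.valid_submit?(sid, token, 20 * 60)
end
```

With no request during the edit, the sweep at 20 minutes removes the row and the save is rejected; with a periodic request inside the idle limit, the row survives and the token still matches.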