Invalid Authenticity Token after redirect

I have a simple login controller in which I use new/create to do the
login. For create, I have

    def create # do login
      session[:user_id] = nil
      u = params[:user]
      user = User.authenticate(u[:name], u[:password])
      if user
        session[:user_id] = user.id
        flash[:info] = 'Login Successful'
        redirect_to(:action => "index", :controller => 'main')
      else
        flash[:notice] = "Login Failure"
        redirect_to new_login_path
      end
    end

When I get a login failure, the redirect correctly takes me to the
login screen (new), but when I submit the form I get
ActionController::InvalidAuthenticityToken

There is another thread
http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/cba205f4e3153d5a
that suggested <%= token_tag %>.

I tried that in my form, but no joy. Can’t really find much in the
way of docs, couldn’t even find token_tag. I know there is mention
of a bug fix which is coming, does anyone know if that is going to
solve this one, or is there some way of working round it other than
disabling protect from forgery?

Tony

OK, looking at this a bit more, I can see in the forms that I am
getting a different authenticity token in the form generated by
submitting the url - localhost:3000/login to the one in the form
generated after the redirect.

Now watching the server output, I can see that I am getting a
different Session ID:
The first part is the same, but the last part is very different

Tony

You have the secret cookie set, I’m guessing, which means that in
forms, you need to get rails to generate the forms, otherwise they
won’t have the hidden authenticity field in the form.

What does your view file look like for users/new.rhtml.erb? Is it
using Rails helpers for the form tag?

Julian.


By resetting the session, you’re indubitably resetting the
authenticity token.

Julian.
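
The behaviour discussed in this thread, as an added example that is not code from the thread or from Rails itself: a form rendered under one session is rejected when it is submitted under a different session, or without the hidden field. It assumes a simplified model in which the token is an HMAC of the session ID; the secret, the session hash and every helper here are hypothetical stand-ins.

```ruby
require 'openssl'
require 'securerandom'

# Simplified model (assumption): the token is an HMAC of the session ID under
# a server-side secret, so it is only valid for the session it was issued to.
SECRET = 'constructed-demo-secret' # constructed placeholder, not a real key

class InvalidAuthenticityToken < StandardError; end

# Hypothetical stand-in for a server-side session with a random ID.
def new_session
  { id: SecureRandom.hex(16) }
end

# Token that a form helper would embed as the hidden authenticity field.
def form_authenticity_token(session)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, session[:id])
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check made on a non-GET request: reject when the submitted token is
# missing or was issued for a different session.
def verify_authenticity_token!(session, params)
  submitted = params[:authenticity_token].to_s
  raise InvalidAuthenticityToken unless secure_compare(submitted, form_authenticity_token(session))
  true
end

# Render a form under one session, submit it under another, and report
# :ok or :rejected. include_token: false models a hand-written form tag.
def submit(rendered_under, submitted_under, include_token: true)
  params = include_token ? { authenticity_token: form_authenticity_token(rendered_under) } : {}
  verify_authenticity_token!(submitted_under, params)
  :ok
rescue InvalidAuthenticityToken
  :rejected
end
```

Calling `submit(s, s)` with one session returns `:ok`, while a second session from `new_session` on the submitting side, or `include_token: false`, returns `:rejected`.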
