Invalid Authenticity Token?


#1

Hi guys,

Before I explain anything here’s my setup:

Mac OS X
Ruby 1.8.7 from source, RubyGems, Rails 2.3.2, MySQL from source, the
ruby mysql adapter gem and mongrel.
Firefox 3.07

I’m new to rails and happily understanding everything as I follow
through the pragmatic programmers depot application tutorial from
their ‘agile development with rails v3 p1.0’ but one thing has me
completely stumped. I am onto the section where we’re storing the cart
items in the session store, specifically this store is the db. Now
when I run rake db:sessions:create & migrate then change the
session_store initializer in the environments folder to use the active
record store things just break! So here’s an excerpt from the code:

def add_to_cart
product = Product.find(params[:id])
@cart = find_cart
@cart.add_product(product)
end

private

def find_cart
session[:cart] ||= Cart.new
end

Easy enough it seems however when the action ‘add_to_cart’ is called I
get a nasty page showing an invalid authenticity token. Here’s the
request params: {“authenticity_token”=>“x4KicmZNjfb9c+X6prUPu6XLe8QfjB/
uRN+PR0+TNWc=”,
“id”=>“6”}

So that seems straight forward enough - there is an authenticity token
but it’s invalid for some reason. I then tried setting the development
environment variable config.action_controller.allow_forgery_protection
to false which made functionality appear to work, however… when
monitoring the db it seems that every time I click add to cart a new
session is created!! I’m completely stumped because when I revert so
the session store is using the default cookiestore things work great
and the items I expect to appear in my cart until the session data is
greater than 4kb then it breaks again but that’s understandable as we
shouldn’t be storing objects in the cookie session data so is this
then a problem with this release of rails?

Any help is much appreciated I just want to get rocking with rails now
and this has held me back all day!

Thanks in advance

Kind Regards
Richard Delph


#2

oops, the last paragraph should read:

“I’m completely stumped because when I revert back so the session
store is using the default cookiestore things work great and the items
I expect to appear in my cart do, until the session data is greater
than 4kb then it breaks again but that’s understandable as we
shouldn’t be storing objects in the cookie session data. so this leads
to the question is this then a problem with this release of rails?”


#3

Hi,

I doubt this is related to a known bug of latest releases, check it
here:
https://rails.lighthouseapp.com/projects/8994/tickets/2200-session-support-broken

I got the same invalid token error as you described, and everything
works well again after I downgrade to 2.3.0

  • Jan

#4

Had a read through that but couldn’t find anything about what’s
happening here, thanks for posting appreciated. I’m thinking of just
starting the app again in rails 2.2.2 it would only take 30 mins to
get where I’m at, at least then I could follow the tutorial in the
book and upgrade to rails 2.3.2 when I know a more about it, the only
downside is that I’m then a version behind the current release or is
that even a problem?


#5

Richie wrote:

Had a read through that but couldn’t find anything about what’s
happening here, thanks for posting appreciated. I’m thinking of just
starting the app again in rails 2.2.2 it would only take 30 mins to
get where I’m at, at least then I could follow the tutorial in the
book and upgrade to rails 2.3.2 when I know a more about it, the only
downside is that I’m then a version behind the current release or is
that even a problem?

Hi, since I upgraded my app to run on Rails 2.3.2 I am having lots of
invalid authenticity token errors.

It happens, when:

  • I launch my server in dev mode
  • go to a page of my app that has a form (cookie gets set)
  • submit form, everything works
  • clear all my cookies in firefox
  • refresh the page where I had the working form, a new cookie gets set
  • submit form, it fails
  • clear cookies and restart the server
  • refresh page with form
  • send form, it works again until I clear the cookie

Something got broken! Is it related to the 2.3.2.1 tag problem as in my
“gem list” I see versions 2.3.2 of gems.


#6

Cool, lighthouse seems down at the moment so I can’t check the tickets,
and I cannot update my gems either because gems.github.com is timing out
too.