InvalidAuthenticityToken error with db sessions


#1

I added login to my app and storing the sessions in the db. I
un-commented the “config.action_controller.session_store =
:active_record_store” line in the environment.rb file, and the :secret
in the application.rb file.

Now, when I try to login I get the error InvalidAuthenticityToken.
Here’s my login form:

<% form_for :user, :url => { :action => ‘do_login’ } do |f| %>

user: <%= f.text_field :user_name %>

pass: <%= f.password_field :password %>

<%= f.submit 'login' %> <% end %>

I checked the markup and the hidden field with the token appears. I’m
baffled on what keep causing this error - and would appreciate any help.


#2

sa 125 wrote:

I added login to my app and storing the sessions in the db. I
un-commented the “config.action_controller.session_store =
:active_record_store” line in the environment.rb file, and the :secret
in the application.rb file.

Now, when I try to login I get the error InvalidAuthenticityToken.
Here’s my login form:

<% form_for :user, :url => { :action => ‘do_login’ } do |f| %>

user: <%= f.text_field :user_name %>

pass: <%= f.password_field :password %>

<%= f.submit 'login' %> <% end %>

I checked the markup and the hidden field with the token appears. I’m
baffled on what keep causing this error - and would appreciate any help.

I should also mention that the exact error is:

ActionController::InvalidAuthenticityTokem in LoginController#do_login


and in the controller:

def do_login
if request.post?
user = User.authenticate(params[:user_name], params[:password])
if user
session[:user_id] = user.id
redirect_to home_page
else
flash.now[:notice] = “Invalid user/password - please try again”
end
end
end

thanks.


#3

Right, sorry. Thought it might deserve a seperate thread. Here’s the
other post if someone wondered here looking for an answer:
http://www.ruby-forum.com/topic/179690#786710


#4

i answered to this in your other thread…