InvalidAuthenticityToken problems with my login form

I am trying to convert my code to use the new Rails 2.0 feature
RequestForgeryProtection,
but I get an InvalidAuthenticityToken error, right from the beginning,
with my login form…

I followed the recommendations:

in my environment.rb

    config.action_controller.session = {
      :session_key => 'myappname',
      :secret => '6de86b5566d7598f57e757960760acd2'
    }

in my application.rb

    protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'

my sessions_controller.rb doesn't have anything new inside… same code
as used with rails 1.2
(is it right ?)

    class SessionsController < ApplicationController
      def new
        @login = ""
      end

      # OpenID logins and password logins take separate paths
      def create
        if open_id?(params[:login])
          open_id_authentication params[:login]
        else
          password_authentication params[:login], params[:password]
        end
      end
    end

What should I take care of in this conversion?

thanks

On 23 Dec 2007, at 10:26, Kad K. wrote:

> :session_key => 'myappname',
> :secret => '6de86b5566d7598f57e757960760acd2'
> }
>
> in my application.rb
> protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
>
> my sessions_controller.rb doesn't have anything new inside… same code
> as used with rails 1.2
> (is it right ?)

Does your form include the token ?

Fred

Frederick C. wrote:

> Does your form include the token ?
>
> Fred

Yes, I can see the token in the log…

    Parameters: {"commit"=>"send me a key please",
    "authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
    "action"=>"create", "controller"=>"users",
    "email"=>"[email protected]"}

I am using the latest Rails 2.0.2 version (gem install rails). It's
stated that the session cookie store is the default with Rails edge…
Am I using the right version?
How can I check that the default session store is cookies and not file
(PStore was the default before…?)

kad

Could you try to include prototype in your layout? It works for me :)

On 23 Dec 2007, 19:59, Kad K. [email protected]

> yes, I can see the token in the log…
> Parameters: {"commit"=>"send me a key please",
> "authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
> "action"=>"create", "controller"=>"users",
> "email"=>"[email protected]"}
>
> I am using the last rails 2.0.2 rails version (gem install rails) it's
> stated that the session cookie store is the default with Rails edge…
> am I using the right version ?
> how can I check that the default session store is cookies and not file
> (Pstore was the default before … ?)
>
> kad

That was the case! I was using 2.0.1, not 2.0.2… it's OK now!
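
Added example, not part of the original thread and not Rails' own code: a sketch of why a token that shows up in the request parameters can still be rejected. It assumes the token is an HMAC-SHA1 of the session id keyed with the `:secret` given to protect_from_forgery; the helper names, secret and session ids are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample values; not taken from a real application.
SECRET     = 'constructed-example-secret'
SESSION_ID = 'a3f1c0de5e55104e'

# Hypothetical helper: per-session token = HMAC-SHA1(secret, session_id),
# which yields 40 hex characters like the token seen in the log above.
def authenticity_token(secret, session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, session_id.to_s)
end

# Constant-time comparison, so the check does not reveal how many
# leading characters of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical check mirroring the decision a forgery-protection filter
# makes. Returns :ok or a symbol naming the reason for rejection.
def verify_request(secret, session_id, params)
  submitted = params['authenticity_token']
  return :missing_token if submitted.nil? || submitted.empty?
  return :no_session if session_id.nil? || session_id.to_s.empty?
  expected = authenticity_token(secret, session_id)
  secure_equal?(expected, submitted) ? :ok : :token_mismatch
end

# Four cases: the form posted back in the same session, in a different
# session, after the secret changed, and with no token at all.
def demo
  form_token = authenticity_token(SECRET, SESSION_ID)
  {
    same_session: verify_request(SECRET, SESSION_ID, 'authenticity_token' => form_token),
    new_session: verify_request(SECRET, 'different-session', 'authenticity_token' => form_token),
    changed_secret: verify_request('other-secret', SESSION_ID, 'authenticity_token' => form_token),
    no_token: verify_request(SECRET, SESSION_ID, 'commit' => 'send')
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Under this assumption, a token that appears in the logged parameters is accepted only if the session id and secret on the server side are the same ones used when the form was rendered.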