I am trying to convert my code to use the new Rails 2.0 feature
RequestForgeryProtection
but I get an InvalidAuthenticityToken error, right from the beginning
with my login form…
I followed the recommendations:
in my environment.rb
config.action_controller.session = {
  :session_key => 'myappname',
  :secret => '6de86b5566d7598f57e757960760acd2'
}
in my application.rb
protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
my sessions_controller.rb doesn’t have anything new inside… same code
as used with rails 1.2
(is it right ?)
class SessionsController < ApplicationController
  # Renders the login form
  def new
    @login = ""
  end

  # Handles the login form POST (this is the request the token check applies to)
  def create
    if open_id?(params[:login])
      open_id_authentication params[:login]
    else
      password_authentication params[:login], params[:password]
    end
  end
end
What should I take care of in this conversion?
thanks
On 23 Dec 2007, at 10:26, Kad K. wrote:
:session_key => 'myappname',
:secret => '6de86b5566d7598f57e757960760acd2'
}
in my application.rb
protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'
my sessions_controller.rb doesn’t have anything new inside… same code
as used with rails 1.2
(is it right ?)
Does your form include the token ?
Fred
Frederick C. wrote:
Does your form include the token ?
Fred
yes, I can see the token in the log…
Parameters: {"commit"=>"send me a key please",
"authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
"action"=>"create", "controller"=>"users",
"email"=>"[email protected]"}
I am using the latest Rails version, 2.0.2 (gem install rails). It’s
stated that the session cookie store is the default with Rails edge…
am I using the right version ?
how can I check that the default session store is cookies and not file
(Pstore was the default before … ?)
kad
Could you try to include prototype in your layout? It works for me
On 23 Dec 2007, 19:59, Kad K. [email protected]
Does your form include the token ?
Fred
yes, I can see the token in the log…
Parameters: {"commit"=>"send me a key please",
"authenticity_token"=>"56e36d73f759d4a3efeadcc71354da428f24efcd",
"action"=>"create", "controller"=>"users",
"email"=>"[email protected]"}
I am using the latest Rails version, 2.0.2 (gem install rails). It’s
stated that the session cookie store is the default with Rails edge…
am I using the right version ?
how can I check that the default session store is cookies and not file
(Pstore was the default before … ?)
kad
that was the case ! I was using 2.0.1 !! not 2.0.2 … it’s ok now !!
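A simplified model of a session-bound authenticity token check, added here as an illustration; it is not code from this thread or from Rails itself. The HMAC-over-session-id scheme, the secret and the session ids are assumptions constructed for the example. It shows why a token that appears in the request parameters can still be rejected when the session seen at POST time differs from the one the form was rendered under.

```ruby
require 'openssl'

# Simplified model of a session-bound CSRF token (assumption, not Rails' code).
# SECRET plays the role of the :secret given to protect_from_forgery;
# the value is constructed for this example.
SECRET = 'constructed-example-secret'

# Token = HMAC-SHA1(secret, session id), hex encoded (40 characters).
def authenticity_token_for(session_id, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, session_id.to_s)
end

# Constant-time comparison so the check does not leak how many leading
# characters of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server-side check applied to a state-changing (non-GET) request.
def verified_request?(session_id, submitted_token, secret = SECRET)
  return false if session_id.nil? || submitted_token.nil?
  secure_equal?(authenticity_token_for(session_id, secret), submitted_token)
end

# Constructed scenario: the login form is rendered under one session and
# then submitted under the same session, a new session, without a token,
# and with a token derived from a different secret.
def demo
  rendered_session = 'sess-aaa111' # constructed session id
  token = authenticity_token_for(rendered_session)
  wrong_secret_token = authenticity_token_for(rendered_session, 'different-secret')
  {
    same_session:  verified_request?(rendered_session, token),
    new_session:   verified_request?('sess-bbb222', token), # session lost or reset
    missing_token: verified_request?(rendered_session, nil),
    other_secret:  verified_request?(rendered_session, wrong_secret_token)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only the `same_session` case passes; the other three are the situations in which a framework would raise a token error even though a well-formed token was submitted.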