Sorry about the stupid questions but the csrf_id does not need to equal
the authenticity_token right or does it?
Why would it change… what does the csrf_id do?
On Wed, Jul 2, 2008 at 4:10 PM, Frederick C. [email protected]
wrote:
141813d11fff60442cef490d015b0c7c39b88"
The authenticity token is never put in the session. The
authenticity_token is generated based on session[:crsf_id]. If you can
see that value changing unexpectedly then you’ll have found the source
of the problem
Oh man, I went through this a while back, and while it got better, I’m
not sure exactly what I did that made it so. I think I rolled back a
minor version or two, and all was well. Jobs I have done since then
worked just fine with whatever was current, so I think it may have been
a wonky minor version. What versions of Ruby, Rails, and Devise are you
using, and are you using any of the third-party stuff like Invitable?
Well, you’re many versions ahead of where I was when I hit this issue. I
tried all sorts of things at the time, switched to db-backed sessions,
fiddled with minor versions, and then something worked. But I remember
it was incredibly frustrating , because it would work for a few logins
and then return to the problem again. I was deleting cookies, restarting
my Mac, trying other browsers… nightmare.