Moving Back From ActiveRecord Session Store to cookie


#1

A couple months ago I moved from storing sessions in the default cookie
store to active_record. Now I kind of want to move back because I am
not
sure I see any benefit of it but many negatives i.e. it is not easy on
my
over taxed DB server as is.
The problem is that I thought it was going to be as easy as just
flipping
the switch back. But it seems to not be that simple. Once I flipped
the
switch I started getting InvalidAuthenticityToken errors on pretty much
every single form on the site. Before hand I never really got these
errors
(but I did sometimes, anyone know why sometimes they would appear and
not
other times on the same form) and now I am getting them? How would you
cleanly move back from active_record store to cookie?

I really appreciate everyone’s input.


John K.
removed_email_address@domain.invalid

Blog: http://www.kopanas.com
Conference: http://www.cusec.net
Twits: http://www.twitter.com/kopanas


#2

You have to:

  1. in application.rb, comment :secret => …, so you just leave
    “protect_from_forgery” uncommented
  2. in config/environment.rb, uncomment (or put back)
    config.action_controller.session = { … }

And you’re all set.