Question about the web.xml session store workaround when using Goldspike to deploy a Rails 2.1 app

weyus · August 29, 2008, 7:15am

All,

I was getting “No :secret given to the #protect_from_forgery call.”
errors in my Websphere - deployed Rails 2.1 app. (packaged
w/Goldspike). I ran across the following in the JRuby wiki:

"Rails Error: No :secret given to the #protect_from_forgery call. Set
that or use a session store capable of generating its own keys (Cookie
Session Store)

Goldspike hasn’t been updated to handle Rails 2.0 gracefully, so you
need to let Rails take care of session storage. You do that by editing
your web.xml and adding this value:

jruby.session_store db "

I made this change to my web.xml file and things seem to work fine.

My concern is that I don’t understand what this is doing. It doesn’t
appear to actually use a DB session store (I was able to set something
on the session and got no complaints about the lack of a “sessions”
table in my DB).

So what does this change actually do?

Thanks,
Wes

To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

weyus · August 30, 2008, 11:10pm

Wes G. wrote:

Goldspike hasn’t been updated to handle Rails 2.0 gracefully, so you

My concern is that I don’t understand what this is doing. It doesn’t
appear to actually use a DB session store (I was able to set something
on the session and got no complaints about the lack of a “sessions”
table in my DB).

So what does this change actually do?

I really don’t know, unfortunately. GoldSpike has been completely
superceded by Warbler + JRuby-Rack. Is there a reason you can’t switch
to Warbler?

Charlie

To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email