Question about the web.xml session store workaround when using Goldspike to deploy a Rails 2.1 app

All,

I was getting “No :secret given to the #protect_from_forgery call.”
errors in my Websphere - deployed Rails 2.1 app. (packaged
w/Goldspike). I ran across the following in the JRuby wiki:

"Rails Error: No :secret given to the #protect_from_forgery call. Set
that or use a session store capable of generating its own keys (Cookie
Session Store)

Goldspike hasn’t been updated to handle Rails 2.0 gracefully, so you
need to let Rails take care of session storage. You do that by editing
your web.xml and adding this value:

jruby.session_store db "

I made this change to my web.xml file and things seem to work fine.

My concern is that I don’t understand what this is doing. It doesn’t
appear to actually use a DB session store (I was able to set something
on the session and got no complaints about the lack of a “sessions”
table in my DB).

So what does this change actually do?

Thanks,
Wes


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

Wes G. wrote:

Goldspike hasn’t been updated to handle Rails 2.0 gracefully, so you

My concern is that I don’t understand what this is doing. It doesn’t
appear to actually use a DB session store (I was able to set something
on the session and got no complaints about the lack of a “sessions”
table in my DB).

So what does this change actually do?

I really don’t know, unfortunately. GoldSpike has been completely
superceded by Warbler + JRuby-Rack. Is there a reason you can’t switch
to Warbler?

  • Charlie

To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs