I was getting “No :secret given to the #protect_from_forgery call.”
errors in my Websphere - deployed Rails 2.1 app. (packaged
w/Goldspike). I ran across the following in the JRuby wiki:
"Rails Error: No :secret given to the #protect_from_forgery call. Set
that or use a session store capable of generating its own keys (Cookie
Goldspike hasn’t been updated to handle Rails 2.0 gracefully, so you
need to let Rails take care of session storage. You do that by editing
your web.xml and adding this value:
I made this change to my web.xml file and things seem to work fine.
My concern is that I don’t understand what this is doing. It doesn’t
appear to actually use a DB session store (I was able to set something
on the session and got no complaints about the lack of a “sessions”
table in my DB).
So what does this change actually do?
To unsubscribe from this list, please visit: