Forum: Ruby on Rails Moving Back From ActiveRecord Session Store to cookie

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ba79eb31ceaef95e9e52f5e5e4ec6d02?d=identicon&s=25 John Kopanas (Guest)
on 2008-11-05 15:54
(Received via mailing list)
A couple months ago I moved from storing sessions in the default cookie
store to active_record.  Now I kind of want to move back because I am
not
sure I see any benefit of it but many negatives i.e. it is not easy on
my
over taxed DB server as is.
The problem is that I thought it was going to be as easy as just
flipping
the switch back.  But it seems to not be that simple.  Once I flipped
the
switch I started getting InvalidAuthenticityToken errors on pretty much
every single form on the site.  Before hand I never really got these
errors
(but I did sometimes, anyone know why sometimes they would appear and
not
other times on the same form) and now I am getting them?  How would you
cleanly move back from active_record store to cookie?

I really appreciate everyone's input.

--
John Kopanas
john@kopanas.com

Blog: http://www.kopanas.com
Conference: http://www.cusec.net
Twits: http://www.twitter.com/kopanas
059ed46172a087063ce26250e44c8627?d=identicon&s=25 Fernando Perez (fernando)
on 2008-11-05 17:40
You have to:
1) in application.rb, comment :secret => ..., so you just leave
"protect_from_forgery" uncommented
2) in config/environment.rb, uncomment (or put back)
config.action_controller.session = { ... }


And you're all set.
This topic is locked and can not be replied to.