ActionController::InvalidAuthenticityToken in User#login
Showing user/login.html.erb where line #2 raised:
No :secret given to the #protect_from_forgery call.
Set that or use a session store capable of generating its
own keys (Cookie Session Store).
This happened after I switched from using the file system to a database for storing sessions (after uncommenting the line "
config.action_controller.session_store = :active_record_store" in config/environment.rb).Once you switch to database store, you'll need to comment the "
protect_from_forgery" line in app/controllers/application.rb
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
#protect_from_forgery # :secret => 'b3e36f40312f075ea2697fb85180e312'
No comments:
Post a Comment