Tech Tidbits - Ruby, Ruby On Rails, Merb, .Net, Javascript, jQuery, Ajax, CSS...and other random bits and pieces.

Thursday, April 24, 2008

Rails - ActionController::InvalidAuthenticityToken

ActionController::InvalidAuthenticityToken in User#login

Showing user/login.html.erb where line #2 raised:

No :secret given to the #protect_from_forgery call.
Set that or use a session store capable of generating its
own keys (Cookie Session Store).

This happened after I switched from using the file system to a database for storing sessions (after uncommenting the line "config.action_controller.session_store = :active_record_store" in config/environment.rb).

Once you switch to database store, you'll need to comment the "protect_from_forgery" line in app/controllers/application.rb

# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
#protect_from_forgery # :secret => 'b3e36f40312f075ea2697fb85180e312'

No comments:

About Me

My photo
Developer (Ruby on Rails, iOS), musician/composer, Buddhist, HSP, Vegan, Aspie.