The generated token is a one-time-use token. So, if the page is
rendered, and the token value is stored on the page, but you interact
with the app via Ajax, that token becomes invalid. It's a way to
guarantee that the page rendered was the one submitted, and it prevents
duplicate posting, whether on purpose or via the back button.

You'll have to update the form with a new token as part of the Ajax interaction.


--
James Mitchell



On Sat, Nov 29, 2008 at 11:06 PM, pete <[EMAIL PROTECTED]> wrote:
>
> Also, if you refresh the page, the problem is fixed.  I don't
> understand this...
>
> Thanks for your feedback.
>
> On Nov 29, 8:41 pm, pete <[EMAIL PROTECTED]> wrote:
>> What if I'm using the cookie_session_store?
>>
>> On Nov 29, 8:24 pm, "James Mitchell" <[EMAIL PROTECTED]> wrote:
>>
>> >http://alwaysmovefast.com/2008/01/30/ajax-in-rails-with-authenticity-...
>>
>> > --
>> > James Mitchell
>>
>> > On Sat, Nov 29, 2008 at 9:53 PM, pete <[EMAIL PROTECTED]> wrote:
>>
>> > > Hi-
>>
>> > > I am trying to use AJAX calls to login and logout of my Rails app so
>> > > that the form renders in the side bar when you are not logged in, and
>> > > your "profile" renders if you are.
>>
>> > > It all works, but when you logout, and try and log back in, you get
>> > > "ActionController::InvalidAuthenticityToken", in the development.log.
>>
>> > > What does this mean? I can't figure out how to fix this.
>>
>> > > Thanks!
>>
>>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
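
Added example (not from the thread, and not Rails's own code): a simplified Ruby model of a CSRF token kept in the session, replaying the login, Ajax logout, login sequence described above. `ToySession` and `replay_thread_scenario` are hypothetical names, and the model assumes that logging out resets the session.

```ruby
require 'securerandom'

# Hypothetical, simplified model of a session that holds a CSRF token.
class ToySession
  def initialize
    @data = {}
  end

  # Created lazily, then stable for the life of this session.
  def authenticity_token
    @data[:csrf_token] ||= SecureRandom.base64(32)
  end

  # Compare the submitted token with the session's token in constant time.
  def valid_token?(submitted)
    expected = @data[:csrf_token]
    return false if expected.nil? || submitted.nil?
    return false unless expected.bytesize == submitted.bytesize
    diff = 0
    expected.bytes.zip(submitted.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Assumption: logout wipes the session, and the token goes with it.
  def reset!
    @data = {}
  end
end

# Replays the sequence from the thread without reloading the page.
# refresh_token: does the Ajax logout response give the page a new token?
def replay_thread_scenario(refresh_token:)
  session = ToySession.new
  page_token = session.authenticity_token   # embedded when the page renders
  results = { login: session.valid_token?(page_token) }

  results[:logout] = session.valid_token?(page_token)
  session.reset!                            # logout clears the session
  fresh = session.authenticity_token        # token of the new session
  page_token = fresh if refresh_token       # page script updates the form

  results[:relogin] = session.valid_token?(page_token)
  results
end
```

With `refresh_token: false` the second login is rejected, which corresponds to the `InvalidAuthenticityToken` error in the log; a full page refresh has the same effect as `refresh_token: true` because the form is re-rendered with the current token.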
