I just changed my session store to use active record because it appears session expiration and so on may be easier that way and it seems like a better option.
In my base controller I have: protect_from_forgery :secret => 'hgfjh...kjhghglh' (whatever) self.allow_forgery_protection = false I had commented those out during development because certain actions would error out because of these. For instance, I think I called remote_function() from java script and just added :width=>something. That added width into params, but I guess since it wasn't part of the routing the forgery protection flagged an error on it, is my guess. Is the best way to go through and try to fix the routing for everything ? I guess that might be the way I have to do it, I wanted to check if I really need to do that for security as it's sort of a pain in the neck to have to try to test all the methods, fix the routing and such .. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
