Hey all. I'm using the hidden authenticity_token system in my Rails app. This is designed as a security measure, but sometimes it kicks off in response to fairly innocent user actions like clicking the back button and then submitting a form, or submitting a form after the server has just been restarted, or whatever.
That's not really important (I don't want to debate whether the above should cause authenticity token fails). What is important is that it's going to happen sometimes in response to non-hostile user actions, and when it happens I don't want it to result in a crash screen for the user: instead, something more friendly should happen.

I'm catching the exception with rescue_from, so from a technical point of view I'm good, but now I can't work out what the best thing to actually *do* is. What I'm doing as a baseline is just sending them to the homepage with an error message in flash[:error]. This works from a security point of view, and is much better than a 500 page, but I feel like I could do something better.

Any ideas? Is there a standard practice for this?

Grateful for any advice - max

--
Posted via http://www.ruby-forum.com/.