[Rails] Rails 2.3.8 - InvalidAuthenticityToken problem. URGENT!

Sun, 19 Sep 2010 14:04:34 -0700 

I used to have Simple Captcha installed, but since I removed it I got
all kinds of problems with login.

Processing UsersController#login (for 188.177.122.179 at 2010-09-19
12:21:09) [POST]
  Parameters: {"commit"=>"OK", "authenticity_token"=>"/
Y0aZETCsMhyI3CkrZJK6O2NaLEoi+LRe8ZuDPWU9kc=",
"user"=>{"remember_me"=>"0", "password"=>"xxxxx",
"screen_name"=>"rune"}}

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
  /home/heroku_rack/lib/static_assets.rb:9:in `call'
  /home/heroku_rack/lib/last_access.rb:15:in `call'
  /home/heroku_rack/lib/date_header.rb:14:in `call'
  thin (1.2.6) lib/thin/connection.rb:76:in `pre_process'
  thin (1.2.6) lib/thin/connection.rb:74:in `catch'
  thin (1.2.6) lib/thin/connection.rb:74:in `pre_process'
  thin (1.2.6) lib/thin/connection.rb:57:in `process'
  thin (1.2.6) lib/thin/connection.rb:42:in `receive_data'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run_machine'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run'
  thin (1.2.6) lib/thin/backends/base.rb:57:in `start'
  thin (1.2.6) lib/thin/server.rb:156:in `start'
  thin (1.2.6) lib/thin/controllers/controller.rb:80:in `start'
  thin (1.2.6) lib/thin/runner.rb:177:in `send'
  thin (1.2.6) lib/thin/runner.rb:177:in `run_command'
  thin (1.2.6) lib/thin/runner.rb:143:in `run!'
  thin (1.2.6) bin/thin:6
  /usr/ruby1.8.7/bin/thin:19:in `load'
  /usr/ruby1.8.7/bin/thin:19

--

# session_store.rb

ActionController::Base.session = {
  :key         => '_neurodag_session',
  :secret      =>
'9141fa2aa733a6f5307913680b13c2028f9cdd827f2daa898c4ad4bdf4da63dc7c17788c5028ad6eadaf8c81d0682dbd83d1bd05824d52a12fdc7500e37a6b47'
}

# application_controller.rb
class ApplicationController < ActionController::Base
    include ApplicationHelper
    # include SimpleCaptcha::ControllerValidation
    include ExceptionNotifiable

    helper :all # include all helpers, all the time
    protect_from_forgery # :secret  => 'sdasfagagsa' # See
ActionController::RequestForgeryProtection for details

What is the correct configuration for forgery protection to work
without screwing up the login process!?

Thanks!

Rune

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-t...@googlegroups.com.
To unsubscribe from this group, send email to 
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.

Reply via email to