Following the examples in Agile Web Development with Rails, third edition.
The procedure is as follows:
In Rails 2.0, enable this in config/environment.rb:

  # Use the database for sessions instead of the cookie-based default,
  # which shouldn't be used to store highly confidential information
  # (create the session table with "rake db:sessions:create")
  config.action_controller.session_store = :active_record_store
The purpose of this setting is to store session data in the database rather than in the cookie. Enabling it requires a matching change in the same file.
In your environment.rb you also have:

  config.action_controller.session = {
    :session_key => '_myapp_session',
    :secret      => 'secretpass'
  }
Of course, the book also provides such guidance, but I still encountered this problem.
The reason is as follows:
This applies to Rails 2.0 and later. To prevent forged requests against the current web application, Rails embeds a random secret in the session that an attacker cannot know; a request from another site's page therefore cannot carry a valid token, which blocks CSRF attacks launched through another website. For more information about CSRF (Cross-Site Request Forgery), see:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://isc.sans.org/diary.html?storyid=1750
Solution:
If you have followed the steps above, you only need to turn on request forgery protection in the controller; the protect_from_forgery switch applies to the controller's public action methods. Bear in mind that only non-GET HTML/JavaScript requests are checked, so GET requests must not change data.

  protect_from_forgery :except => :index
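The following is an added, stand-alone illustration of what the forgery check described above does; it is not Rails' own source, and the method names, the token derivation and the sample requests are assumptions made for this example.

```ruby
require 'digest/sha1'
require 'securerandom'

# Added illustration (not Rails' own code): a token derived from the session id
# and the configured :secret is embedded in forms and required on every
# non-GET HTML/JavaScript request. All names here are assumptions.
TOKEN_PARAM   = 'authenticity_token'
HTML_JS_TYPES = %w[text/html application/x-www-form-urlencoded text/javascript]

# If the secret is guessable (like 'secretpass' above) an attacker can compute
# this value, so use a long random secret and keep it out of version control.
def form_authenticity_token(session_id, secret)
  Digest::SHA1.hexdigest("--[#{session_id}]--[#{secret}]--")
end

# Decide whether a request may proceed. `except` lists actions that skip the
# check, as `protect_from_forgery :except => :index` does.
def verified_request?(action:, method:, content_type:, params:, session_id:, secret:, except: [])
  return true if except.map(&:to_s).include?(action.to_s)
  return true if method.to_s.upcase == 'GET'          # GET is never checked
  return true unless HTML_JS_TYPES.include?(content_type)
  params[TOKEN_PARAM] == form_authenticity_token(session_id, secret)
end

# Constructed sample: a genuine form post carries the token; a forged POST
# from another origin rides on the session cookie but cannot supply it.
SECRET     = SecureRandom.hex(32)
SESSION_ID = SecureRandom.hex(16)
FORM_TYPE  = 'application/x-www-form-urlencoded'

def genuine_post_allowed?
  token = form_authenticity_token(SESSION_ID, SECRET)
  verified_request?(action: :update, method: :post, content_type: FORM_TYPE,
                    params: { TOKEN_PARAM => token }, session_id: SESSION_ID, secret: SECRET)
end

def forged_post_allowed?
  verified_request?(action: :update, method: :post, content_type: FORM_TYPE,
                    params: { 'name' => 'x' }, session_id: SESSION_ID, secret: SECRET)
end

def exempt_index_post_allowed?
  verified_request?(action: :index, method: :post, content_type: FORM_TYPE,
                    params: {}, session_id: SESSION_ID, secret: SECRET, except: [:index])
end

if __FILE__ == $0
  puts "genuine: #{genuine_post_allowed?}, forged: #{forged_post_allowed?}, exempt: #{exempt_index_post_allowed?}"
end
```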