Hi-
I am trying to use AJAX calls to login and logout of my Rails app so that the form renders in the side bar when you are not logged in, and your "profile" renders if you are.
It all works, but when you logout, and try and log back in, you get "ActionController::InvalidAuthenticityToken", in the development.log.
What does this mean, I can't figure out how to fix this??
Thanks!
What if I'm using the cookie_session_store?
Also, if you refresh the page, the problem is fixed. I don't understand this...
Thanks for your feedback.
The generated token is a one time use token. So, if the page is rendered, and the token value is stored on the page, but you interact with the app via ajax, that token becomes invalid. It's a way to guarantee that the page rendered was the one submitted and prevents duplicate posting whether on purpose or via the back button.
You'll have to update the form with a new token as part of the ajax interaction.
Ah, ok, so the suggestion is to add a hidden field with the <%= form_authenticity_token %> in it?
Thanks again, I've been messing with this all day...
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks