Bypassing session integrity check

11175 · August 30, 2008, 10:15pm

I've a PDA application that posts data to a RoR web app. But I don't include a 'authenticity_token' field and the server is returning 'The change you wanted was rejected'. Removing 'config.action_controller.session' from environment.rb doesn't seem to work. Is there any way to tell RoR to ignore the session check for a set of controller actions?

Thanks, Mark

11175 · August 30, 2008, 10:23pm

You can use the protect_from_forgery method, found the answer here: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html

Topic		Replies	Views
How do I ignore the authenticity token for specific actions in Rails? rubyonrails-talk	4	962	March 31, 2022
authenticity_token rubyonrails-talk	2	129	July 28, 2009
protect_from_forgery with db-session (Rails 2.3.2) rubyonrails-talk	1	147	June 22, 2009
How to get a legit ActionController with a nil @session param ... read on rubyonrails-talk	0	114	November 16, 2006
Unable to deactivate forgery protection rubyonrails-talk	2	122	May 5, 2009

Bypassing session integrity check

Related topics

More Resources