"Destroy record" call deletes session

Hi,

I have been trying to develop a sample app to create user logins and provide them personalized contact list with several features as of view, delete, edit, send mail, etc. Everything is working fine except the destroy action. Every time I call it, the session[:user] variable is destroyed, thus logging out the user.

Code for destroy is,

def destroy
@contact = Contact.find(params[:id])
@contact.destroy

respond_to do |format|
  format.html { redirect_to contacts_url }
  format.js
end

end

contacts_url is path to the action which lists contacts for the user if session[:user] is valid else it logs out.

Am not able to find the problem. Have been struggling for a day.

I could solve the problem by removing the line,
protect_from_forgery
from the ApplicationController but I am not sure if this is the correct approach. I tried adding the line <%= include_javascripts_tag :defaults %>
but it didn’t help . It says default.js doesn’t exist.

What else could be the solution?

Put some debug code in to find exactly which line clears the session variable.
See the Rails Guide on Debugging for help with how to do this. I
rather suspect it is not the destroy action itself that is doing it.

Colin