Got an Internal Rails 2.1.1 app. It is on an intranet and the
computers accessing it do not access any other websites.
I am getting a _lot_ of invalid authenticity errors.
All the pages that are generating the errors are using the rails Form
builder helpers with standard POST actions. So I don't see how I
would be creating so many errors.
I am considering turning this feature off all together, as cross site
scripting is basically impossible if your PC doesn't connect to the
Internet or any other website.
But I would like to know if there is anything I should be looking for
as to why I am getting so many of these errors. Where should I start?
i've got the same (or similar i'm not totally sure) error some time
ago. In my case the reason was a stupid usage of caching. I used a
partial-cache around a link_to-helper which used an authenticity-
token. This token gets outdated after a few hours (or days)...
I'm on 2.2.2 and having this same issue. I don't cache formed pages. All
forms on the website give these token errors after submission after the
users session expires. I'm using form helpers. My key was made by
scaffold and is long and complex. These forms have worked for months as
they are. I'm using activerecord sessions. Refreshing the form doesn't
help, not even quitting IE and going back helps. Only restarting server
software allows you to use the forms again.