Getting InvalidAuthenticityToken errors quite often

How often is the authenticity token updated?

The latest error that I got was a submittal of a form, an model
validation occured, I click back, make the correction, resubmit the
form, then I get an InvalidAuthenticityToken error.

Somewhat off topic
If a person is using the authenticity tokens is there still a need to
use some sort of captcha?

Thanks

How often is the authenticity token updated?

The latest error that I got was a submittal of a form, an model
validation occured, I click back, make the correction, resubmit the
form, then I get an InvalidAuthenticityToken error.

They are tied to the session id (non cookie store) or from the crsf_id in the session (cookie store). if something is killing the session that will do it

Somewhat off topic
If a person is using the authenticity tokens is there still a need to
use some sort of captcha?

captcha and authenticity tokens are for completely different things. Authenticity tokens are for guarding against crsf attacks, captchas are for preventing computer programs automatically doing stuff with your web app.

Fred

Hi,

I'm also getting InvalidAuthenticityToken errors. Usually this happens
after some time. I was doing the usual gets and posts, then after some
time I'll get an InvalidAuthenticityToken error. My logs showed that
the tokens are exactly the same. Does this mean that the authenticity
token is tied to the sessions? When the session ends, the authenticity
token needs to be renewed?

Zan