How often is the authenticity token updated?
The latest error that I got was a submittal of a form, an model validation occured, I click back, make the correction, resubmit the form, then I get an InvalidAuthenticityToken error.
Somewhat off topic If a person is using the authenticity tokens is there still a need to use some sort of captcha?
Thanks
How often is the authenticity token updated?
The latest error that I got was a submittal of a form, an model validation occured, I click back, make the correction, resubmit the form, then I get an InvalidAuthenticityToken error.
They are tied to the session id (non cookie store) or from the crsf_id in the session (cookie store). if something is killing the session that will do it
Somewhat off topic If a person is using the authenticity tokens is there still a need to use some sort of captcha?
captcha and authenticity tokens are for completely different things. Authenticity tokens are for guarding against crsf attacks, captchas are for preventing computer programs automatically doing stuff with your web app.
Fred
Hi,
I'm also getting InvalidAuthenticityToken errors. Usually this happens after some time. I was doing the usual gets and posts, then after some time I'll get an InvalidAuthenticityToken error. My logs showed that the tokens are exactly the same. Does this mean that the authenticity token is tied to the sessions? When the session ends, the authenticity token needs to be renewed?
Zan
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks