Rails 2.0.2
SQL Server 2000 database
SQL Server AR adapter 1.0 using ODBC
Apparently the new default session store is cookie based. I was using
the ActiveRecord based session store and would like to continue to do
so.
It appears that session data is not being written to my sessions table
as used to be the case under 1.2.6.
My environment.rb file has the following:
Rails::Initializer.run do |config|
...
config.action_controller.session_store = :active_record_store
...
end
Is this directive no longer sufficient for forcing the session store to
be a DB table named "sessions"? If that is the case, what is the
correct way to specify the AR session store?
I just created a simple test application and set it up to use the
database for session storage.
Step 1: config/environment.rb
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store
Step 2: controllers/application.rb
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => '5c0cf093b4866f589b91a08c048f7bfa'
Step 2: controllers/application.rb
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => '5c0cf093b4866f589b91a08c048f7bfa'
OK, so if I just copy and paste that line into my application.rb, I get
the exception:
ActionController::InvalidAuthenticityToken
Obviously, this token needs to be generated somehow locally by me - can
you point me at any documentation that explains how to do that?
Thanks,
Wes
eventho this is kinda old, i'd like to point out that maybe you should
clear your cookie, reload the page and try again. i think it should
create a new cookie with a correct token to associate with the session
on the database.