I have a simple login controller in which I use new/create to do the
login. For create, I have
def create # do login
session[:user_id] = nil
u=params[:user]
user = User.authenticate(u[:name], u[:password])
if user
session[:user_id] = user.id
flash[:info]= 'Login Successful'
redirect_to(:action => "index", :controller=>'main' )
else
flash[:notice] = "Login Failure"
redirect_to new_login_path
end
When I get a login failure, the redirect correctly takes me to the
login screen (new), but when I submit the form I get
ActionController::InvalidAuthenticityToken
There is another thread
http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/cba205f4e3153d5a
that suggested <%= token_tag %>.
I tried that it my form, but no joy. Can't really find much in the
way of docs, couldn't even find token_tag. I know there is mention
of a bug fix which is coming, does anyone know if that is going to
solve this one, or is there some way of working round it other than
disabling protect from forgery
Tony
