I have a simple login controller in which I use new/create to do the
login. For create, I have
def create # do login
session[:user_id] = nil
u=params[:user]
user = User.authenticate(u[:name], u[:password])
if user
session[:user_id] = user.id
flash[:info]= 'Login Successful'
redirect_to(:action => "index", :controller=>'main' )
else
flash[:notice] = "Login Failure"
redirect_to new_login_path
end
When I get a login failure, the redirect correctly takes me to the
login screen (new), but when I submit the form I get
ActionController::InvalidAuthenticityToken
I tried that it my form, but no joy. Can't really find much in the
way of docs, couldn't even find token_tag. I know there is mention
of a bug fix which is coming, does anyone know if that is going to
solve this one, or is there some way of working round it other than
disabling protect from forgery
OK, looking at this a bit more, I can see in the forms that I am
getting a different authenticity token in the form generated by
submitting the url - localhost:3000/login to the one in the form
generated after the redirect.
Now watching the server output, I can see that I am getting a
different Session ID:
The first part is the same, but the last part is very different
You have the secret cookie set, I'm guessing, which means that in
forms, you need to get rails to generate the forms, otherwise they
won't have the hidden authenticity field in the form.
What does your view file look like for users/new.rhtml.erb? Is it
using Rails helpers for the form tag?
Julian.
Learn Ruby on Rails! CHECK OUT THE FREE VIDS (LIMITED TIME) NEW VIDEO
(#2) OUT NOW!
http://sensei.zenunit.com/
