Invalid Authenticity Token?

Hi guys,

Before I explain anything here's my setup:

Mac OS X Ruby 1.8.7 from source, RubyGems, Rails 2.3.2, MySQL from source, the ruby mysql adapter gem and mongrel. Firefox 3.07

I'm new to rails and happily understanding everything as I follow through the pragmatic programmers depot application tutorial from their 'agile development with rails v3 p1.0' but one thing has me completely stumped. I am onto the section where we're storing the cart items in the session store, specifically this store is the db. Now when I run rake db:sessions:create & migrate then change the session_store initializer in the environments folder to use the active record store things just break! So here's an excerpt from the code:

  def add_to_cart
    product = Product.find(params[:id])
    @cart = find_cart
    @cart.add_product(product)
  end

  private

  def find_cart
    session[:cart] ||= Cart.new
  end

Easy enough it seems however when the action 'add_to_cart' is called I get a nasty page showing an invalid authenticity token. Here's the request params: {"authenticity_token"=>"x4KicmZNjfb9c+X6prUPu6XLe8QfjB/ uRN+PR0+TNWc=", "id"=>"6"}

So that seems straightforward enough - there is an authenticity token but it's invalid for some reason. I then tried setting the development environment variable config.action_controller.allow_forgery_protection to false which made functionality appear to work, however... when monitoring the db it seems that every time I click add to cart a new session is created!! I'm completely stumped because when I revert so the session store is using the default cookiestore things work great and the items I expect to appear in my cart until the session data is greater than 4kb then it breaks again but that's understandable as we shouldn't be storing objects in the cookie session data so is this then a problem with this release of rails?

Any help is much appreciated I just want to get rocking with rails now and this has held me back all day!

Thanks in advance

Kind Regards Richard Delph

oops, the last paragraph should read:

"I'm completely stumped because when I revert back so the session store is using the default cookiestore things work great and the items I expect to appear in my cart do, until the session data is greater than 4kb then it breaks again but that's understandable as we shouldn't be storing objects in the cookie session data. so this leads to the question is this then a problem with this release of rails?"

Hi,

I doubt this is related to a known bug of latest releases, check it here: https://rails.lighthouseapp.com/projects/8994/tickets/2200-session-support-broken

I got the same invalid token error as you described, and everything works well again after I downgrade to 2.3.0

- Jan

* Richie <richard.delph@gmail.com> [2009-03-26 23:11:42 -0700]:

Had a read through that but couldn't find anything about what's happening here, thanks for posting appreciated. I'm thinking of just starting the app again in rails 2.2.2 it would only take 30 mins to get where I'm at, at least then I could follow the tutorial in the book and upgrade to rails 2.3.2 when I know a more about it, the only downside is that I'm then a version behind the current release or is that even a problem?

Richie wrote:

Had a read through that but couldn't find anything about what's happening here, thanks for posting appreciated. I'm thinking of just starting the app again in rails 2.2.2 it would only take 30 mins to get where I'm at, at least then I could follow the tutorial in the book and upgrade to rails 2.3.2 when I know a more about it, the only downside is that I'm then a version behind the current release or is that even a problem?

Hi, since I upgraded my app to run on Rails 2.3.2 I am having lots of invalid authenticity token errors.

It happens when:

- I launch my server in dev mode
- go to a page of my app that has a form (cookie gets set)
- submit form, everything works
- clear all my cookies in firefox
- refresh the page where I had the working form, a new cookie gets set
- submit form, it fails
- clear cookies and restart the server
- refresh page with form
- send form, it works again until I clear the cookie

Something got broken! Is it related to the 2.3.2.1 tag problem, as in my "gem list" I see versions 2.3.2 of gems?
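
Added illustration, not part of the thread and not Rails source code: a simplified Ruby model of a CSRF token that is kept in the session and compared with the value the form submits. It shows why a session store that does not hand back the saved session (the "new session on every click" symptom reported above) makes every token check fail, and what should happen after cookies are cleared; `SessionStore`, `App` and `scenarios` are hypothetical names.

```ruby
require 'securerandom'

# Simplified model of a session-bound CSRF token check (hypothetical, not Rails code).
class SessionStore
  def initialize(persist)
    @persist = persist # false models a store whose saved sessions are never found again
    @rows = {}
  end

  # Returns [session_id, data]; a missing or unknown id yields a brand-new session.
  def load(sid)
    return [sid, @rows[sid]] if sid && @rows.key?(sid)
    [SecureRandom.hex(16), {}]
  end

  def save(sid, data)
    @rows[sid] = data if @persist
  end
end

class App
  def initialize(store)
    @store = store
  end

  # GET: create the token once per session and embed it in the rendered form.
  def render_form(cookie_sid)
    sid, session = @store.load(cookie_sid)
    session[:_csrf_token] ||= SecureRandom.base64(32)
    @store.save(sid, session)
    { :cookie => sid, :form_token => session[:_csrf_token] }
  end

  # POST: accept only if the submitted token equals the one held in the session.
  def submit(cookie_sid, form_token)
    _sid, session = @store.load(cookie_sid)
    !session[:_csrf_token].nil? && session[:_csrf_token] == form_token
  end
end

def scenarios
  good = App.new(SessionStore.new(true))
  page = good.render_form(nil)
  fresh = good.render_form(nil) # cookies cleared, page refreshed: new session
  broken = App.new(SessionStore.new(false))
  lost = broken.render_form(nil)
  { :normal => good.submit(page[:cookie], page[:form_token]),
    :stale_form => good.submit(fresh[:cookie], page[:form_token]),
    :refreshed_form => good.submit(fresh[:cookie], fresh[:form_token]),
    :non_persisting_store => broken.submit(lost[:cookie], lost[:form_token]) }
end
```

With a working store only the stale form is rejected; a form rendered after the cookie was cleared carries the new session's token and passes, so a failure at that step points at session persistence rather than at the token check.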