InvalidAuthenticityToken means the token embedded in the form doesn’t match your session. While meant to be a security measure (preventing certain XSS attacks) I often see it cropping up by accident when your session changes (expires, reset due to logout, etc). Are you certain that the raising of the token is an error? It may be correct behavior for the events that proceeded it and maybe just needed a prettier color of paint to make it user friendly.