InvalidAuthenticityToken problems with my login form

I am trying to convert my codeand to use the new Rails 2.0 feature
RequestForgeryProtection
but I get an InvalidAuthenticityToken error, right from the beginning
with my login form..

I followed the recommandations :

in my environment.rb
config.action_controller.session = {
   :session_key => 'myappname',
   :secret => '6de86b5566d7598f57e757960760acd2'
}

in my application.rb
protect_from_forgery :secret => '6de86b5566d7598f57e757960760acd2'

my sessions_controller.rb doesn't have anything new inside... same
code
as used with rails 1.2
(is it right ?)

Does your form include the token ?

Fred