InvalidAuthenticityToken

Sorry about the stupid questions but the csrf_id does not need to equal the authenticity_token right or does it?

Why would it change… what does the csrf_id do?

Sorry about the stupid questions but the csrf_id does not need to equal the authenticity_token right or does it?

No it doesn't. The authenticity token is calculated from the crsf_id (I can't remember the precise algorithm).

Why would it change... what does the csrf_id do?

If the session got squashed or something like that. Have a look and if you can spot the crsf_id changing then you might be able to work out why.

Fred

I have the same exactly problem using a simple login form with Devise... Any solution, or idea of the problem?

Oh man, I went through this a while back, and while it got better, I'm not sure exactly what I did that made it so. I think I rolled back a minor version or two, and all was well. Jobs I have done since then worked just fine with whatever was current, so I think it may have been a wonky minor version. What versions of Ruby, Rails, and Devise are you using, and are you using any of the third-party stuff like Invitable?

Walter

Im using Rails 4.0.2, devise (3.1.1), omniauth (1.1.4), omniauth-facebook (1.4.1), omniauth-twitter (1.0.1), cancan (1.6.10) and ActiveAdmin.

Well, you're many versions ahead of where I was when I hit this issue. I tried all sorts of things at the time, switched to db-backed sessions, fiddled with minor versions, and then _something_ worked. But I remember it was incredibly frustrating , because it would work for a few logins and then return to the problem again. I was deleting cookies, restarting my Mac, trying other browsers... nightmare.

Walter