Hello,
Using Rails 2.0.2, I have an issue with page caching and protect_from_forgery:
In application.rb, I have this:
protect_from_forgery :secret => '1c8b953667056f1a3c324d6b369f6158', :only => [:create, :edit, :update]
In my generated page, I have both
//<![CDATA[
window._token = '8d171d263aa1b98e74e79e44d34c16d3afe63a82'
//]]>
in the header, and
<form action="/2007/05/01/test-picture-on-the-right/comments" class="comments" id="commentform" method="post" onsubmit="new Ajax.Updater({success:'commentList'}, '/2007/05/01/test-picture-on-the-right/comments', {asynchronous:true, evalScripts:true, insertion:Insertion.Bottom, onComplete:function(request){complete(request)}, onFailure:function(request){failure(request)}, onLoading:function(request){loading()}, parameters:Form.serialize(this)}); return false;"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="97a06903e4515f5d3c60efe839f45f274596750c" /></div>
And still in application controller
if !session
session :session => new
end
Unfortunately, I keep having error 500 every time I try to post a comment. Here is the error dump:
NoMethodError (undefined method `session_id' for {}:Hash):
/vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:126:in `authenticity_token_from_session_id'
/vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:108:in `form_authenticity_token'
/vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:98:in `verified_request?'
/vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token'
Any idea what is happening?
Regards,
Frédéric