John Marountas wrote:
I would appreciate any thoughts or ideas on the following issue:
I have a RoR application with all forms created dynamically.
Unfortunately, sometimes when you hit the back button of the browser and
try to login via the Login form an error message will come with “Invalid
Can anyone suggest what is wrong or had any similar experience before?
Sample output from form_tag:
<form action="/home/index" method="post">
  <div style="margin:0;padding:0">
    <input name="authenticity_token" type="hidden" value="f755bb0ed134b76c432144748a6d4b7a7ddf2b71" />
  </div>
  Form contents
</form>
If you carefully observe this output, you can see that the helper
generated something you didn’t specify: a div element with a hidden
input inside. This is a security feature of Rails called cross-site
request forgery protection and form helpers generate it for every form
whose action is not “get” (provided that this security feature is
enabled). You can read more about this in the Ruby On Rails Security