
31 Dec 2008, 03:26
Charlie Bright (3 posts)

I was doing OK until I started trying to implement sessions. Has anyone else had this problem, or does anyone have any help?

ActionController::InvalidAuthenticityToken in StoreController#add_to_cart


RAILS_ROOT: /home/cbright8470/chbdepot



{"authenticity_token"=>"7e9e8fb8d3ae6ad49366ab0b32cc1e462ce6c981", "id"=>"5"}

Show session dump

:cart: !ruby/object:Cart items: {}

flash: !map:ActionController::Flash::FlashHash {}



{"cookie"=>[], "Cache-Control"=>"no-cache"}

09 Jan 2009, 06:41
Terjin TJ Dhillon (13 posts)

Double check if you have run the rake task to create a sessions table in your db.

The important thing to remember is that this rake task -> rake db:sessions:create only creates the migration, which you then have to subsequently run by running rake db:migrate.

Secondly, ensure that you have uncommented the line that starts with config.action_controller.session_store = :active_record_store in your environment.rb file.

Lastly, in your application controller, make sure you have your secret uncommented. At first inspection, it looks like the line is uncommented because the # sign is after the protect_from_forgery method.

Hopefully this helps. Retracing your steps is a pain, but has always helped me out in the past!

27 Feb 2009, 12:22
Chris Takakuwa (1 post)

After checking all of those things, try dumping your old sessions (both browser and sessions table - rake db:sessions:clear) and re-open the page.

19 Jun 2009, 21:37
gene nardi (1 post)

My environment.rb file did not contain the config.action_controller.session_store line. Nor did it include the method of the same name.

app/controllers/application.rb does not exist but there is a app/controllers/application_controller.rb which does not contain the protect_from_forgery line.

Ruby 1.9.1p129 Rails 2.3.1 rake 0.8.7

As the chapter states, I ran: rake db:sessions:create rake db:migrate

Did I miss something or is it possibly a problem with the distribution combination I’m using? Probably the former. Thanks

09 Sep 2009, 15:03
Neal Howarth (1 post)

I had the same problem as Gene.

Apparently the config.action_controller.session_store line is now located at: config/initializers/session_store.rb - named ActionController::Base.session_store = :active_record_store

What was protect_from_forgery is above this in the same file.

Hope it helps

21 Nov 2009, 01:37
Louis Sherwin (2 posts)

For anyone else that encounters this problem: check all the items that Terjin describes, and don't forget to stop and restart the server.


29 Nov 2009, 20:48
Lucca Mordente (2 posts)

If none of the items described by Terjin works, try to add: protect_from_forgery :only => [:create, :update, :destroy] to the top of the store_controller.rb file

29 Nov 2009, 20:58
Lucca Mordente (2 posts)

It worked for me, but I'm concerned about whether forgery protection is necessary or not for the add_to_cart action. Opinions?
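
An added example, not written by any poster in this thread and not Rails source code: a simplified Ruby model of a session-bound authenticity token check. SessionStore, submit and every value in it are constructed for illustration. It shows a session that is lost between requests producing the error reported above, and an :only list that leaves out add_to_cart accepting a POST that carries no token.

```ruby
require 'securerandom'

# Simplified model of a session-bound CSRF token check; not Rails source code.
class InvalidToken < StandardError; end

# Hypothetical server-side session store keyed by the session cookie value.
class SessionStore
  def initialize(persist)
    @persist = persist   # false models a store that never finds the old session
    @rows = {}
  end

  def load(cookie)
    return [cookie, @rows[cookie]] if @persist && cookie && @rows.key?(cookie)
    sid = SecureRandom.hex(16)          # unknown or missing cookie: new session
    [sid, (@rows[sid] = {})]
  end
end

# The token is generated once per session and stored in that session.
def form_token(session)
  session[:csrf_token] ||= SecureRandom.hex(20)
end

# Comparison that does not stop at the first differing byte.
def same_token?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).inject(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# only: nil checks every action; a list mirrors the effect of an :only option.
def handle_post(store, cookie, action, params, only = nil)
  _sid, session = store.load(cookie)
  checked = only.nil? || only.include?(action)
  submitted = params[:authenticity_token].to_s
  raise InvalidToken, action.to_s if checked && !same_token?(form_token(session), submitted)
  :ok
end

# Render a form, then POST it back; send_token: false models a cross-site POST
# that carries the session cookie but cannot know the token.
def submit(store, action, only: nil, send_token: true)
  sid, session = store.load(nil)
  token = form_token(session)
  params = send_token ? { authenticity_token: token } : {}
  handle_post(store, sid, action, params, only)
rescue InvalidToken
  :invalid_authenticity_token
end
```

In this model the :only list makes the error disappear because add_to_cart is no longer checked at all, not because the session problem is fixed.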
