small medium large xlarge

Generic-user-small
26 Mar 2009, 23:26
Richard Delph (8 posts)

Hi guys, just a quick one… Running Rails 2.3.2 and following the depot tutorial in the pdf book (P1.0) and I’m seeing this error about an invalid authenticity token when clicking the ‘add to cart’ button after following all the steps in section 8.1. I’ve cleared all the sessions and restarted the server several times with no joy so did some hunting around and can only seem to find the following solution which solves my initial problem but not the bigger picture! Nicholas Arnott posted this a while back on these forums, add the following to the store_controller class

protect_from_forgery :only => [:create, :update, :destroy]

Now while this fixes my ‘add to cart’ action it doesn’t fix my invalid authenticity token issue when adding/updating/deleting existing products, so this leaves me stumped. I can’t find anything anywhere about this issue apart from clearing sessions or a secret key which 2.3.2 has depreciated. Any help is much appreciated.

Kind Regards Richard Delph

Generic-user-small
26 Mar 2009, 23:36
Richard Delph (8 posts)

One thing I notice too is the last character of the authenticity token itself always appears to be an equals sign e.g. ‘km0jXpU5H9JCTMP52Rb0i7iWLq2tKW6UsfTsNiikyCI=’ whereas this doesn’t seem to be the case with other peoples traces I see! Strange, or not?

Generic-user-small
26 Mar 2009, 23:50
Richard Delph (8 posts)

So now I’ve jumped over the ‘invalid authenticity token’ hurdle by adding the following line to my development.rb file in config/environments/ config.action_controller.allow_forgery_protection = false

I know this is highly dangerous in production but hey I can’t waste time whilst reading this book, need to get cracking! Now the problem is that when I add a new product to the cart it creates a new session for each item which I can see happening whilst monitoring the sessions table in the db. What the hell is happening now, how strange indeed! Will post more as I find out!

Generic-user-small
28 Mar 2009, 01:39
Richard Delph (8 posts)

So I reverted to the default cookie store instead of the db, however when adding more than 3 of the items I get an error because the max size constraint of the cookie session data is 4096 bytes and as expected it fills pretty quickly when adding whole objects to this data store. The issue still exists so the only option I’m left with is to downgrade to 2.2.2 and start the app again which would only take about 20 - 30 mins to get to where I’m at however that leaves me behind a version on rails - as I’m only beginning I don’t know if being behind a version is a bad thing or not, what’s the general consensus on that one?

Generic-user-small
02 Apr 2009, 03:21
Richard Delph (8 posts)

Seemed to have sorted it, just comment out the line

protect_from_forgery

in the application controller and the db session store works fine…

hope this helps if anyone has the same problem!

cheers Rich

Generic-user-small
22 Jun 2009, 14:46
Christopher Reeves (1 post)

Hi Richard

I have just been working through the exact same book, and I have found that this problem occurs when a cookie already exixts in your browser that has already used the cookie store in rails 2.3 as they use different authenticity keys. Simply remove the cookie from your browser and all will work well.

Make sure you put back protect_from_forgery, not a good thing to remove.

Chris

Generic-user-small
22 Jun 2009, 17:30
Tony Ha (1 post)

Hi Richard

I had the same problem as you did, but it is working when using IE7 or Chrome!

Chris: I tried to clear all the cookie in Firefox 3.0.11 using tools->web-developer->cookies and refresh the browser, but the problem still there!

Tony.

Generic-user-small
29 Jun 2009, 16:30
Saurabh Sharan (1 post)

Same problem happened to me, but clearing cookies and restarting webserver fixed it. Using Safari 4 (final).

You must be logged in to comment