small medium large xlarge

10 Apr 2009, 22:06
drub (6 posts)

Working through the 3rd edition book …

Page 100

I found the :secret line in config/initializers/session_store.rb. The book says to find it in config/environment.rb. Is this a book erratum?

Page 100

The book says to uncomment the line beginning with protect_from_forgery, in the file app/controllers/application.rb. I found this line in the application_controller.rb file. Is this a book erratum?

After making the change, an error was displayed in my app ActionController::InvalidAuthenticityToken. Looked around the web for coaching. A suggestion was made to add this: ` protect_from_forgery :only => [:create, :update, :destroy] ` Added this to app/controllers/store_controller.rb and the error message was no longer displayed.

Most recent error: Couldn’t find Product without an ID The id is displayed in the error trace: “id” => “5”, so it appears evident that the :id => product parameter was added to button_to in app/views/store/index.html.erb. visual inspection confirms it is there. See page 102.

I’m confused. What the heck is going on?

My environment:

  • jruby -v : jruby 1.2.0 (ruby 1.8.6 patchlevel 287) (2009-03-16 rev 9419) [x86-java]
  • jruby -S rails -v : Rails 2.3.2 Many thanks! David
10 Apr 2009, 22:10
drub (6 posts)

Sorry, typo …

Should have read: id => product parameter was addedd … “

13 Apr 2009, 00:19
Eugene Magdel (4 posts)

I have the same problem! Please HELP!!!! :(

13 Apr 2009, 01:49
Eugene Magdel (4 posts)

My solution :) Instead of hitting refresh, actually revisit the site again! duah! I can post a source code if anyone has a problem with that part, everything works perfectly!

13 Apr 2009, 11:53
Sam Ruby (634 posts)

If you are using Rails 2.3, I’d suggest looking at this page first.

You shouldn’t need that @protect_from_forgery@ change, at most simply hitting refresh on the form itself and then proceeding is all that is needed.

More info (complete traceback, relevant portions of store_controller.rb) would be helpful in determining what the underlying problem is with not being able to find the product based on id.

26 Apr 2009, 17:25
Sergio Aristizábal (1 post)

I had the same problem, but I think it’s something misunderstood on page 107. You shouldn’t uncomment the line: # ActionController::Base.session_store = :active_record_store on session_store.rb.


04 May 2009, 21:27
M Daimler (1 post)

What Sam said, but, I had to clear my session cookie in Firefox: Tools > Web Dev > Cookies > Delete Domain Cookies

I had loaded the store before I changed to DB sessions (so I got a session cookie) and that was messing things up.

28 Jun 2009, 23:48
keith vaitkus (4 posts)

Wow this was frustrating…

Using 2.3.2 and Firefox on MacOS 10.5.

I started getting this InvalidAuthenticityToken error with the Store controller as soon as I made the changes in 8.1 (which I noticed in section 8.2). I went back to my /products/ controller and got the same error every time I tried to create a new item or edit an item. Folks on the internet said this was an intermittent problem but I was getting it every time and reloading the page did not help.

After using the protect_from_forgery work-around folks suggested above, I noticed that I could never get more than 1 item in my cart. Seems my session was being created each time I added an item.

rake db:sessions:clear and restarting my server did not help.

M Daimler’s suggestion of clearing my cookies in Firefox did finally help!

Thanks MD.

19 Aug 2009, 16:49
Michael Toppeta (1 post)

This is weird, but my rails clearly says it’s version 2.2.2 and uncommenting the protect_from_forgery gives me the InvalidAuthenticityToken error. Leaving it commented though, seems to work fine. (I waited to make sure my cart contents were being stored, so it ‘seems’ to work at this point). Just thought this was strange and inexplicable given the version. -Michael

You must be logged in to comment