small medium large xlarge

15 Jun 2008, 01:04
James West (104 posts)


I have deployed the depot app to a shared hosting environment at eukhosts.

I have managed after great trial and error to actually get the app to run in this environment but the cart is not behaving the way it should do.

If I press the add to cart button nothing happens! Sometimes!

I have noticed that if I refresh the web page then press the add to cart button twice the cart will appear but then nothing will happen until I refresh the web page again.

Basically I have to refresh the web page then press an add to cart button twice (in fact this happens with the empty cart button as well) in order to get it to do anything.

I suspect this is something to do with the set up on the server as the app works fine on my local machine.

If anyone has any ideas at all as to what could be causing this it would massively help my learning curve.

If you want to see what I mean then have a look at

I am thinking that the problem maybe session related but I just have not got my head round the security bit yet.

Any help would be greatly appreciated as I am thinking that I am almost ready to start developing my own app and the deployment and security aspect is the kinda the last thing I need to understand. (Well almost the last thing)

15 Jun 2008, 14:12
James West (104 posts)

Another clue to my problem might be in the ActionController::InvalidAuthenticityToken error I get if I try to log in using the users form.

I have set up a user (actually the default user as per the book but am completely unable to log in due to the error.

Anyway, any help would be good

15 Jun 2008, 18:20
James West (104 posts)

O.K. I’m starting to get the hang of this now.

I sussed out that I needed to have a look in the logs and I found this

Processing StoreController#add_to_cart (for at 2008-06-15 19:14:02) [POST] Session ID: BAh7CToRb3JpZ2luYWxfdXJpIg4vcHJvZHVjdHM6CWNhcnRvOglDYXJ0BjoL%0AQGl0ZW1zWwZvOg1DYXJ0SXRlbQc6DkBxdWFudGl0eWkJOg1AcHJvZHVjdG86%0ADFByb2R1Y3QHOhZAYXR0cmlidXRlc19jYWNoZXsAOhBAYXR0cmlidXRlc3sM%0AIg5pbWFnZV91cmwiFS9pbWFnZXMvYXV0by5qcGciD3VwZGF0ZWRfYXQiGDIw%0AMDgtMDYtMDUgMTM6NDY6NTgiCnRpdGxlIiFQcmFnbWF0aWMgUHJvamVjdCBB%0AdXRvbWF0aW9uIgpwcmljZSIKMjkuOTUiB2lkIgYxIhBkZXNjcmlwdGlvbiIC%0A%2FgE8cD4KICAgICAgIDxlbT5QcmFnbWF0aWMgUHJvamVjdCBBdXRvbWF0aW9u%0APC9lbT4gc2hvd3MgeW91IGhvdyB0byBpbXByb3ZlIHRoZSAKICAgICAgIGNv%0AbnNpc3RlbmN5IGFuZCByZXBlYXRhYmlsaXR5IG9mIHlvdXIgcHJvamVjdCdz%0AIHByb2NlZHVyZXMgdXNpbmcgCiAgICAgICBhdXRvbWF0aW9uIHRvIHJlZHVj%0AZSByaXNrIGFuZCBlcnJvcnMuCiAgICAgIDwvcD4KICAgICAgPHA%2BCiAgICAg%0AICAgU2ltcGx5IHB1dCwgd2UncmUgZ29pbmcgdG8gcHV0IHRoaXMgdGhpbmcg%0AY2FsbGVkIGEgY29tcHV0ZXIgdG8gd29yayAKICAgICAgICBmb3IgeW91IGRv%0AaW5nIHRoZSBtdW5kYW5lIChidXQgaW1wb3J0YW50KSBwcm9qZWN0IHN0dWZm%0ALiBUaGF0IG1lYW5zIAogICAgICAgIHlvdSdsbCBoYXZlIG1vcmUgdGltZSBh%0AbmQgZW5lcmd5IHRvIGRvIHRoZSByZWFsbHkgCiAgICAgICAgZXhjaXRpbmct%0ALS1hbmQgZGlmZmljdWx0LS0tc3R1ZmYsIGxpa2Ugd3JpdGluZyBxdWFsaXR5%0AIGNvZGUuCiAgICAgIDwvcD4iD2NyZWF0ZWRfYXQiGDIwMDgtMDYtMDUgMTM6%0ANDY6NTg6DHVzZXJfaWQwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%0AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–76862eb4d5dd61ef321e63f14ccd3b66bf74e608 Parameters: {“commit”=>”Add to Cart”, “authenticity_token”=>”9bc9d21352997c2c87aa3d1bfca8dc952c471148”, “action”=>”add_to_cart”, “id”=>”2”, “controller”=>”store”}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/request_forgery_protection.rb:79:in verify_authenticity_token' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in send!’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in call' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:441:in run’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:716:in run_before_filters' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:695:in call_filters’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:689:in perform_action_without_benchmark' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue’ /usr/lib/ruby/1.8/benchmark.rb:293:in measure' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/rescue.rb:199:in perform_action_without_caching' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/caching.rb:678:in perform_action’ /usr/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in cache' /usr/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/query_cache.rb:8:in cache’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/caching.rb:677:in perform_action' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/base.rb:524:in send’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/base.rb:524:in process_without_filters' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:685:in process_without_session_management_support’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session_management.rb:123:in process' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/base.rb:388:in process’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/dispatcher.rb:171:in handle_request' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/dispatcher.rb:115:in dispatch’ /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/dispatcher.rb:126:in dispatch_cgi' /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/dispatcher.rb:9:in dispatch’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/rails.rb:76:in process' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/rails.rb:74:in synchronize’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/rails.rb:74:in process' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:159:in process_client’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:158:in each' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:158:in process_client’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:285:in run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:285:in initialize’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:285:in new' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:285:in run’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:268:in initialize' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:268:in new’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel.rb:268:in run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/configurator.rb:282:in run’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/configurator.rb:281:in each' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/configurator.rb:281:in run’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/mongrel_rails:128:in run' /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/../lib/mongrel/command.rb:212:in run’ /usr/lib/ruby/gems/1.8/gems/mongrel-1.1.4/bin/mongrel_rails:281 /usr/bin/mongrel_rails:16:in `load’ /usr/bin/mongrel_rails:16

Product Columns (0.070822) SHOW FIELDS FROM products Rendering /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/templates/rescues/layout.erb (unprocessable_entity)

So it looks like I have an authentitcity token issue.

Any pointers as to what would cause this?

17 Jun 2008, 12:26
James West (104 posts)

Does anyone have any ideas? I have come to a complete dead end with this.

What I don’t understand is why the token would be OK after hitting the refresh to load my browser for one click only. Could this be something to do with sessions?

17 Jun 2008, 13:57
Sam Ruby (633 posts)

Unfortunately, I’ve not seen this.

Placing the following in app/controllers/application.rb should make the symptoms go away:

17 Jun 2008, 15:14
James West (104 posts)

Thank you Sam. I will give it a go and get back to you.

When you say you have not seen this are you saying that when you visit my link you don’t see th problem or that you have not come up against this before?

I would love to understand what is actually happening as it may well help me fix problems in the future.

17 Jun 2008, 16:42
James West (104 posts)

Hi, Problem solved and thanks for the help. On inspecting the application.rb I found that the :secret after the protect_from_forgery call was not commented out!

I have it commented out on my PC and I really do not understand how this happened but on placing the comment back in all is working brilliantly.

Thanks for the pointer and I hope this helps in understanding cause and effect on this issue.


26 Jun 2008, 13:40
David Wilbur (50 posts)

“On inspecting the application.rb I found that the :secret after the protect_from_forgery call was not commented out!”

if your using the current version (2.1.0) of rails there is no comment in the config/environment.rb that if your going to use database sessions, and uncomment the line to start using database sessions…

@ # Use the database for sessions instead of the cookie-based default,@ @ # which shouldn’t be used to store highly confidential information@ @ # (create the session table with “rake db:sessions:create”)@ @ config.action_controller.session_store = :active_record_store@

and also comment out the cookie based above it…

@# config.action_controller.session = {@ @# :session_key => ‘_my_comments_session’,@ @# :secret => ‘mySecretLongNumber’@ @# }@

that you also need to as of this version (2.1.0) also go to the app/controllers/application.rb and change this line:

@# See ActionController::RequestForgeryProtection for details@ @ # Uncomment the :secret if you’re not using the cookie session store@ @ protect_from_forgery # :secret => ‘1c46b40e2af775f5762f4c2edec62c45’@

to this:

@ protect_from_forgery :secret => ‘1c46b40e2af775f5762f4c2edec62c45’@

otherwise database sessions have an issue in a new 2.1.0 project. if the project was created in 2.0.2 then even if you have updated rails to 2.1.0 everything works as it did prior in that project. thus, if your not starting one of the examples from scratch (ie: the rails project is from a prior version then 2.1.0), then you will not see this issue.

i hope that was clear…

26 Jun 2008, 20:40
James West (104 posts)

Hi David

This was an ror 2.0.2 app using the previous version of the book. I have just started a third iteration using the latest book version on Rails 2.1.0

I think that’s clear.

What I didn’t understand was why the app behaved differently when deployed.

Basically what you are saying is that I got it wrong by placing the comment back in and that the problem lies else where. I think I’ll just see where this iteration leads me and bear in mind what you are aying about the environment.rb

Once I have the security bit sorted I’ll deploy straight away and see if I run into the same problem.

Thank you for the info it is greatly appreciated


You must be logged in to comment