我正在更改api控制器中session的值,但是下次获取session中该变量的值时,它不会反映出来。这是api-controller ......
module Api
module V0
class RecommendationsApiController < ApplicationController
def x
r1 = session[:last_id]
r2 = some_function(r1)
session[:last_id] = r2
#doesn't reflect in the session next time this same function is called, and the old value is shown
#though checking the value of session at this point shows the right value been set in the @delegate part of the session
end
end
end
end
这是session_store.rb
Application.config.session_store :cookie_store, key: '_session_name'
application_controller.rb
protect_from_forgery
after_filter :set_csrf_cookie_for_ng
def set_csrf_cookie_for_ng
cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
end
protected
def verified_request?
super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
end
这是websiteApp.run函数。
var csrf_token = $cookies['XSRF-TOKEN'];
$http.defaults.headers.common['X-XSRF-TOKEN'] = csrf_token;
我尝试在config内设置令牌,但config块没有$cookies。因此,我们尝试在headers内设置run。
请帮忙。
答案 0 :(得分:0)
您是否针对该行动启用了CSRF验证?如果没有,可能发生的事情是rails出于安全原因正在清理会话。您只应将其停用以执行特定操作:
protect_from_forgery :except => :my_action
或在这种情况下
protect_from_forgery :except => :x