I recently switched from storing session data in the cookie to storing it in the database.
Now every POST request results in an ActionController::InvalidAuthenticityToken error. It only happens in Firefox, and only on my home machine (I tried it today in the same version of FF and everything was fine). This leads me to believe it has something to do with a cookie I deleted yesterday...
Here is the relevant part of environment.rb:
# Your secret key for verifying cookie session data integrity.
# If you change this key, all old sessions will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
config.action_controller.session = {
  :session_key => '_basillslam_session',
  :secret      => '373ee5b69a4a31d3318485fs368c41fac6b797a1f5c35693b49bd34e8a96291b92dd577bd49de7aeea56c9ffa1af2d8386bafe857220cafacfa0028f01be357d78'
}
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store
In application.rb:
protect_from_forgery :secret => 'f1d54db45b47ec94a6a54b1e744fafa6'
Here is the relevant part of the full trace where the error is thrown:
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in `send!'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in `call'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:441:in `run'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:716:in `run_before_filters'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:695:in `call_filters'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:689:in `perform_action_without_benchmark'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
C:/INSTAN~1/ruby/lib/ruby/1.8/benchmark.rb:293:in `measure'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/rescue.rb:199:in `perform_action_without_caching'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/caching.rb:678:in `perform_action'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in `cache'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/query_cache.rb:8:in `cache'
[etc. ... ]
Has anyone run into this before, or does anyone know why this happens?
Answer 0 (score: 3)
The same thing happened to me when I switched one of my sites. Delete the Rails session cookie for that site in your home Firefox browser.
This only happens when you have a pre-existing session from the cookie store. So hopefully only you and your browser will ever see the problem. Once the cookie is deleted, you will never see the error again.
With sessions in the database and only a random key mapping to that session in the browser cookie, the session protection magic is no longer needed.
Answer 1 (score: 1)
Thanks to Otto, I now know why this happens. Although, I was able to work around the problem by putting <%= token_tag %> in the form being posted. token_tag places a hidden field containing the authenticity token in the form, so the ActionController::InvalidAuthenticityToken error goes away.
Answer 2 (score: 1)
If you have multiple users on your app, deleting all the cookies isn't easy. When you switch to the database store, to prevent session data conflicts between the cookie and database stores, you can also change
config.action_controller.session[:session_key]
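An added example, my own and not code from the question or any of the answers, that models in plain Ruby the two points the answers make: the authenticity token is bound to the session id through the protect_from_forgery secret, so a POST that arrives under a different session id fails the verify_authenticity_token check; and a browser that keeps resending a stale cookie under the old session_key can be sidestepped either by deleting that cookie (Answer 0) or by renaming session_key (Answer 2). Nothing here calls Rails. The HMAC-SHA1(secret, session_id) derivation is my assumption about the Rails 2.0 :secret scheme, the StickyJar browser and the cookie-store blob value are constructed to reproduce the symptom, and the SessionServer class stands in for :active_record_store.

```ruby
require 'openssl'
require 'securerandom'

# Value from the question's application.rb (protect_from_forgery :secret).
FORGERY_SECRET = 'f1d54db45b47ec94a6a54b1e744fafa6'

# The token written into the form's hidden field (what token_tag renders).
# Assumption: HMAC-SHA1 keyed by the forgery secret over the session id.
def form_authenticity_token(session_id, secret = FORGERY_SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, session_id.to_s)
end

# The verify_authenticity_token check: recompute the token for the session the
# POST arrived with and compare in constant time (a hardening choice here; it
# is not a claim about how Rails 2.0 compared the strings).
def verified_request?(session_id, submitted, secret = FORGERY_SECRET)
  expected = form_authenticity_token(session_id, secret)
  return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize
  submitted.bytes.zip(expected.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Server-side session store standing in for :active_record_store: the cookie
# named session_key carries only a random id that maps to data kept here.
class SessionServer
  def initialize(session_key)
    @session_key = session_key
    @sessions = {}
  end

  # Resolve the request cookies to a session id. A cookie value that is not a
  # known id (for example a leftover cookie-store blob) is ignored; a fresh id
  # is created and returned together with the Set-Cookie pair to emit.
  def resolve(cookies)
    id = cookies[@session_key]
    return [id, nil] if id && @sessions.key?(id)
    id = SecureRandom.hex(16)
    @sessions[id] = {}
    [id, [@session_key, id]]
  end
end

# Constructed browser cookie jar: a cookie already present under a name is
# never overwritten, which reproduces "the browser keeps sending the old cookie".
class StickyJar
  def initialize(cookies = {})
    @cookies = cookies.dup
  end

  def cookies
    @cookies.dup
  end

  def delete(name)
    @cookies.delete(name)
  end

  def set(name, value)
    @cookies[name] = value unless @cookies.key?(name)
  end
end

# One GET that renders the form, then the POST that submits its token.
# Returns true when the POST would pass the authenticity check.
def form_round_trip(server, jar)
  id, set_cookie = server.resolve(jar.cookies)
  jar.set(*set_cookie) if set_cookie
  token = form_authenticity_token(id)        # rendered into the form on GET
  post_id, _ = server.resolve(jar.cookies)   # session the POST arrives with
  verified_request?(post_id, token)
end

# Constructed stand-in for a cookie-store session blob left in the browser.
STALE_COOKIE_STORE_BLOB = 'BAh7BjoPc2Vzc2lvbl9pZCIlZmFrZQ==--0123456789abcdef'

# Stale cookie under the old name, same session_key: every POST fails.
def stale_cookie_fails?
  jar = StickyJar.new('_basillslam_session' => STALE_COOKIE_STORE_BLOB)
  !form_round_trip(SessionServer.new('_basillslam_session'), jar)
end

# Answer 0: delete the old cookie and the next GET/POST pair verifies.
def deleting_cookie_fixes?
  jar = StickyJar.new('_basillslam_session' => STALE_COOKIE_STORE_BLOB)
  jar.delete('_basillslam_session')
  form_round_trip(SessionServer.new('_basillslam_session'), jar)
end

# Answer 2: rename session_key so the stale cookie is simply never consulted.
def renaming_key_fixes?
  jar = StickyJar.new('_basillslam_session' => STALE_COOKIE_STORE_BLOB)
  form_round_trip(SessionServer.new('_basillslam_session_v2'), jar)
end

if __FILE__ == $0
  puts "stale cookie, same key: #{stale_cookie_fails? ? 'InvalidAuthenticityToken' : 'ok'}"
  puts "cookie deleted:         #{deleting_cookie_fixes? ? 'ok' : 'fail'}"
  puts "session_key renamed:    #{renaming_key_fixes? ? 'ok' : 'fail'}"
end
```

Run it directly to see the three scenarios; the renamed-key case is the one that works for every user at once, since no browser has a cookie under the new name yet, whereas deleting the cookie has to happen in each affected browser.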