Rails 3 - How to pass client-side authentication token, e.g. Sproutcore

I am developing a Sproutcore client web application with a Rails 3 backend. One of the problems, I assume, is passing the authentication token along with the messages between Sproutcore and Rails.

When is the CSRF token regenerated? Is this for every session? Would it be ok to disable authentication for login requests and then pass the authentication token from the input and store it on the client side for future requests?

1 answer

You can download an authentication token regardless of whether the user is logged in or not. It is stored in the session and does not change after the user logs in, and you do not need to disable authentication. I use this snippet to set a JavaScript variable:

<%= javascript_tag "var AUTH_TOKEN = #{form_authenticity_token.inspect};" if protect_against_forgery? %> 
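Added example, not part of the original answer: one way the client can send AUTH_TOKEN back on state-changing requests without ever attaching it to a cross-origin call. It assumes the Rails version in use checks the X-CSRF-Token request header; csrfHeadersFor and sendJSON are hypothetical helper names.

```javascript
// Added example. AUTH_TOKEN is the page variable emitted by the answer's
// snippet; csrfHeadersFor and sendJSON are hypothetical helpers.

// Rails does not check the token on GET requests, so none is sent.
var SAFE_METHODS = { GET: true };

// Return the extra headers a request should carry.
//   method    - HTTP verb
//   url       - target, relative or absolute
//   appOrigin - origin the page was served from
//   token     - AUTH_TOKEN, or null when forgery protection is off
function csrfHeadersFor(method, url, appOrigin, token) {
  var headers = {};
  var verb = String(method || 'GET').toUpperCase();
  if (SAFE_METHODS[verb] || !token) return headers;

  // Resolve relative and protocol-relative URLs before comparing origins,
  // so "//other.example/x" is not mistaken for a local path.
  var target = new URL(url, appOrigin);
  if (target.origin !== new URL(appOrigin).origin) return headers;

  headers['X-CSRF-Token'] = token;
  return headers;
}

// Browser-side wrapper: every state-changing call made through it
// carries the token, and only to the application's own origin.
function sendJSON(method, url, body) {
  var xhr = new XMLHttpRequest();
  xhr.open(method, url, true);
  xhr.setRequestHeader('Content-Type', 'application/json');
  var token = typeof AUTH_TOKEN !== 'undefined' ? AUTH_TOKEN : null;
  var extra = csrfHeadersFor(method, url, window.location.origin, token);
  Object.keys(extra).forEach(function (name) {
    xhr.setRequestHeader(name, extra[name]);
  });
  xhr.send(body == null ? null : JSON.stringify(body));
  return xhr;
}
```

Keeping the origin check in one helper means a mistyped or user-influenced URL cannot cause the session's token to be disclosed to another site.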
