Why does the post method seem to clear my rail session data?

Question

Why does the post method seem to clear my rail session data?

After the user has logged in and their username has been authenticated and saved in the [: username] session, when submitting the form with the = = post method (using standard html), all session data is cleared and the user is redirected back to the login page This does not happen if the method is set to receive.

Post works when I use the "form_tag" rails that generate these extra lines:

<div style="margin: 0pt; padding: 0pt; display: inline;"> <input type="hidden" value="✓" name="utf8"> <input type="hidden" value="a_bunch_of_gibberish" name="authenticity_token"> </div>

What's happening?

+6

ruby-on-rails ruby-on-rails-3 session

Lee quarella Feb 22 '11 at 19:17

source share

2 answers

This problem can also occur if you create your own html form.

If you are redirected without knowing why, it is because of the "protect_from_forgery" in your ApplicationController

For your form to be published, add the following code to it (or use form_tag , explanation below):

 <form ... > ... <%= hidden_field_tag "authenticity_token", form_authenticity_token %> ... </form>

The reason "form_tag" works is because form_tag creates a hidden field for you =)

+6

Abdo Dec 16 '13 at 13:47

source share

monocle · Accepted Answer · 2011-02-22T19:54:59+0000

Are you using Rails 3.0.4? It looks like this could be due to the CSRF fix .

If you need a fix that suits your needs, you can overwrite #handle_unverified_request in your controller. See https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb .

Here is an example where this problem was with OmniAuth and OpenId. (See Section "CSRF Protection In Rails 3.0.4")

Why does the post method seem to clear my rail session data?

More articles: