I got it. This way the server handles no physical session data, everything related with session are stored in cookies. As for the security issue, it encrypt the cookie data with the secret key in the environment.rb. Am I right? But how can I control the expiration period? Say, I want to limit every session within 5 minutes.
On 4月15日, 下午2時43分, "Adam Wiggins" <[EMAIL PROTECTED]> wrote: > On Mon, Apr 14, 2008 at 10:44 PM, mega <[EMAIL PROTECTED]> wrote: > > But I get this after I comment out the :active_record_store > > ActionController::InvalidAuthenticityToken > > Anything I can do ? go back to active_record_store? > > One way to fix it is probably to change your session cookie name to > something else. if it was _myapp_session before, change it to > __myapp_session, or something. > > Alternately, if you don't have a lot of users other than yourself > using the site so far, you can just delete your cookie in your > browser. > > Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/heroku?hl=en -~----------~----~----~----~------~----~------~--~---
