Hi there, I've been chasing my tail this morning with InvalidAuthenticationToken errors on my signup and login forms. It turns out I'd switched the session_store back to cookies, and had forgotten to recomment the secret param on protect_from_forgery. Bit of a newb mistake.
I'm wondering if the secret param should ever be used when using the cookie session store? If not, should rails raise an error when configured with the cookie store and secret param? I guess same question applies in the inverse - does it ever make sense to not have the secret param passed when not using the session store? Cheers, Tim. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
