It seems the problem stemmed from the session_expiry check:
> for automatic timeout and removal put the following in your
> application controller:
>
>   # session-timeout after inactivity of one hour.
>   MAX_SESSION_PERIOD = 1800
>
>   before_filter :session_expiry #####<-- this was the problem
>
>   # checks and (re-)calculates expiry time for sessions
>   def session_expiry
>     # if there is a session[:expiry_time], check it
>     reset_session if session[:expiry_time] and session[:expiry_time] < Time.now
>     # reset expiry_time
>     session[:expiry_time] = MAX_SESSION_PERIOD.seconds.from_now
>     return true
>   end

Although I used 1800 seconds, it reset the session before I logged in, rendering the authenticity token invalid. Removing that before filter solved that. I'll have to keep looking into the whole auto-logout thing :)

Thanks!

--
Posted via http://www.ruby-forum.com/.
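The interaction described in this message, as an added example that is not part of the original post: a plain-Ruby simulation (no Rails) of the quoted filter, showing that a session reset between rendering the login form and posting it discards the stored token, next to one possible variant that only times out authenticated sessions. The Hash-based session, the `:user_id` key and the helper names are assumptions; `:_csrf_token` is the session key Rails uses for the token.

```ruby
require 'securerandom'

MAX_SESSION_PERIOD = 1800 # seconds, as in the quoted filter

# Token embedded in forms; kept in the session like Rails' :_csrf_token.
def form_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# The quoted filter, with the clock passed in so idle time can be simulated.
def session_expiry(session, now)
  # session.clear stands in for reset_session
  session.clear if session[:expiry_time] && session[:expiry_time] < now
  session[:expiry_time] = now + MAX_SESSION_PERIOD
  true
end

# Variant (assumption): only authenticated sessions are subject to the timeout.
# :user_id is a hypothetical key set at login.
def session_expiry_auth_only(session, now)
  return true unless session[:user_id]
  session_expiry(session, now)
end

# Simulates GET /login, then POST /login after `idle` seconds.
# Returns whether the token rendered into the form still verifies.
def login_post_verifies?(filter, idle)
  session = {}
  t0 = Time.at(0)
  send(filter, session, t0)         # filter runs on the GET
  posted = form_token(session)      # token placed in the login form
  send(filter, session, t0 + idle)  # filter runs on the POST
  posted == form_token(session)     # mismatch if the session was reset
end

# Simulates a logged-in session going idle: is the login still present?
def still_logged_in?(filter, idle)
  session = { user_id: 42 } # constructed sample value
  t0 = Time.at(0)
  send(filter, session, t0)
  send(filter, session, t0 + idle)
  session.key?(:user_id)
end
```

With the variant, an anonymous visitor's login form keeps verifying however long it sits open, while a logged-in session is still cleared once the idle period passes.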

