The Authenticity Token is a value that is inserted into forms (when using the form_for helper) that is then checked when the submit request is sent. It helps prevent CSRF attacks.
What is likely happening is that you're generating your own form and not including the token (which you can do by inserting a hidden field and using the authenticity_token helper).

You can learn more about CSRF and Rails' protection at:

http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

Cheers,

Andy

--
Andy Jeffries
http://andyjeffries.co.uk/
#rubyonrails #mysql #jquery
Registered address: 64 Sish Lane, Stevenage, Herts, SG1 3LS
Company number: 5452840

On 22 February 2010 17:01, Tom Ha <[email protected]> wrote:
> Hi there,
>
> I have my first Rails app running and I regularly get the following
> "logged_exception" error message:
>
> "ActionController::InvalidAuthenticityToken"
>
> Has anybody an idea what might cause this problem? Could it somehow be a
> "time out" error (like an "AuthenticityToken" which might expire after a
> certain time, or something along those lines)?
>
> Any idea how that error could be prevented from occurring?
>
> The "backtrace" always starts like this:
>
> =================
>
> /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.3/lib/action_controller/request_forgery_protection.rb:79:in
> `verify_authenticity_token'
>
> /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/callbacks.rb:178:in
> `send'
>
> /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/callbacks.rb:178:in
> `evaluate_method'
>
> /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.3/lib/active_support/callbacks.rb:166:in
> `call'
> ...
> =================
>
> Thanks for any help with this!
> Tom
> --
> Posted via http://www.ruby-forum.com/.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
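
The check described in the reply above, sketched in plain Ruby without Rails, as an added example that is not part of the original thread and not Rails' own code. The method names, the `:_csrf_token` session key and the sample requests are assumptions constructed for illustration.

```ruby
require "securerandom"
require "uri"
require "cgi"

# Hypothetical error class standing in for the exception named in the thread.
class InvalidAuthenticityToken < StandardError; end

# Per-session token: generated once and kept server-side in the session.
def session_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Hidden field that a hand-written form has to carry.
def token_field(session)
  value = CGI.escapeHTML(session_token(session))
  %(<input type="hidden" name="authenticity_token" value="#{value}">)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Runs before any state-changing request; read-only methods are skipped.
def verify_token!(method, body, session)
  return true if %w[GET HEAD].include?(method)
  submitted = URI.decode_www_form(body).to_h["authenticity_token"].to_s
  expected  = session[:_csrf_token].to_s
  raise InvalidAuthenticityToken if expected.empty? || !secure_equal?(submitted, expected)
  true
end

def outcome(method, body, session)
  verify_token!(method, body, session)
  :accepted
rescue InvalidAuthenticityToken
  :rejected
end

# Constructed sample requests.
session    = {}
with_token = URI.encode_www_form("authenticity_token" => session_token(session), "comment" => "hi")
hand_built = URI.encode_www_form("comment" => "hi") # form written without the hidden field
puts outcome("POST", with_token, session) # token matches this session
puts outcome("POST", hand_built, session) # token missing from the body
puts outcome("POST", with_token, {})      # same body under a different, empty session
```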

