I'm having the same problems on a production website. It has several hundreds of visitors each days and this error occurs occasionally (more or less 1-3 times a week). Looking at the logs I see it is an actual visitor doing 'normal' things. I also saw a visitor that had it several times in a short period (with different authenticity tokens).
I can't seem to find the reason. We're using the database for storing the sessions (ActionController::Base.session_store = :active_record_store). We're using a 128 character session key. Any ideas? Thanks Matthias On Oct 8, 10:40 pm, drewB <[email protected]> wrote: > A few times a week we get an > ActionController::InvalidAuthenticityToken exception from our app (not > all from the same action or controller). I understand why > protect_from_forgery exists and am not interested in disabling it. I > am quite certain this is not from actual attacks on our site but not > sure why users are consistently triggering it. The number of users it > impacts is very small but still would be nice to know how to reduce > them or at least why it is happening. > > Any ideas? > > Thanks, > Drew -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
