Rails 2.3.12 writes csrf token to session that it is not asked for
I don't use protect_from_forgery in my application controller, and on my development environment it works as expected, no session is generated. But on the production environment the CSRF token is written to the session.
Session.inspect gives
{:_csrf_token => "duY6ATHEBzYXzg8aXdNF6CZYXicPhlFQdDodjREMwAM=",
:session_id => "25728f624574a1d831b4510b2e7f6c92"}
Why does this happen?
I found that in one partial I have
<% form_tag session_path, :method => :post do -%>
and it writes _csrf_token to session.