
ActionController::InvalidAuthenticityToken in Devise::SessionsController#create error

I'm having a problem with logging in that I didn't have before. Up until today I was able to log in with no issues. Suddenly, when I try to log in I get:

ActionController::InvalidAuthenticityToken
def handle_unverified_request
  raise ActionController::InvalidAuthenticityToken
end

Here's the development log:

Processing by RegistrationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"kLm2udi5jHmIQbva2h1HH9IExxFo1qt/p1u9UTjtBQaeHr/23gcrSfTyJdRvhIKYJWh/MyUbSY2zf0vHU8qA9A==", "user"=>{"first_name"=>"John", "last_name"=>"Mack", "username"=>"johnmack", "email"=>"john@mack.com", "password"=>"[FILTERED]", "avatar_cache"=>""}, "commit"=>"Sign up"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
  devise (3.4.1) lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'

Up until a couple of hours ago I had no trouble logging in and out. I've tried clearing browser data, logging in from multiple browsers, restarting the server, dropping and recreating the db, and reverting my code back to what it was two days ago. I get the same error.

I'm using Rails 4.2 and Devise 3.

Is there something I'm missing here?

Thank you.

I ended up tracing the issue to how I was setting the session store to enable cross subdomain authentication. Originally I had this:

HeartbeatPods::Application.config.session_store :cookie_store, key: '_Heartbeat-pods_session', domain: ENV["HEARTBEAT_HOSTNAME"], tld_length: 2

I changed it to this:

if Rails.env.production?
  Rails.application.config.session_store :cookie_store, key: '_Heartbeat-pods_session', domain: :all
else
  Rails.application.config.session_store :cookie_store, key: '_Heartbeat-pods_session'
end

The original solution supported cross subdomain auth on my local system but ended up borking. The updated solution only supports cross subdomain auth on the production setup.
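
An added example, not part of the original answer and not Rails source code: Rails keeps the CSRF token in the session, so when a browser discards the session cookie because its Domain attribute does not match the host being visited, the next form POST fails with InvalidAuthenticityToken. This sketch applies the RFC 6265 domain-match rule to show one way a session_store `domain:` value can produce that failure; `heartbeat.example.test` is an assumed stand-in for ENV["HEARTBEAT_HOSTNAME"], and all hostnames and helper names are constructed.

```ruby
# Constructed illustration, not Rails source code.
IP_LITERAL = /\A[\d.]+\z|\A[\da-f]*:[\da-f.:]+\z/i

# RFC 6265 section 5.1.3: does the request host domain-match the cookie's Domain?
def domain_match?(host, cookie_domain)
  host = host.downcase
  domain = cookie_domain.downcase.sub(/\A\./, "") # a leading dot is ignored
  return true if host == domain
  return false if host.match?(IP_LITERAL)          # IP addresses only match exactly
  host.end_with?(".#{domain}")
end

# A Set-Cookie with no Domain attribute is host-only and always stored;
# one whose Domain does not match the responding host is discarded.
def session_cookie_kept?(request_host, cookie_domain)
  cookie_domain.nil? || domain_match?(request_host, cookie_domain)
end

# No session cookie means no stored CSRF token to compare the form token against.
def csrf_outcome(request_host, cookie_domain)
  session_cookie_kept?(request_host, cookie_domain) ? :token_verifiable : :invalid_authenticity_token
end

# Assumed value of ENV["HEARTBEAT_HOSTNAME"]; the hostnames below are constructed.
CONFIGURED_DOMAIN = "heartbeat.example.test"
HOSTS = %w[heartbeat.example.test pods.heartbeat.example.test localhost 127.0.0.1 lvh.me]

HOSTS.each do |host|
  puts format("%-30s domain=%-24s %s", host, CONFIGURED_DOMAIN, csrf_outcome(host, CONFIGURED_DOMAIN))
end
puts format("%-30s domain=%-24s %s", "localhost", "(none)", csrf_outcome("localhost", nil))
```

When debugging the real application, compare the Domain attribute on the Set-Cookie response header with the host in the address bar; if they do not match, the cookie will not appear in the browser's cookie store.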
