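I recently switched from storing session data in a cookie to storing it in the database.
Now every POST request causes an ActionController::InvalidAuthenticityToken error. It only happens in Firefox, and only on my home machine (I tried it at work today in the same version of FF and everything was fine). This leads me to believe it has something to do with the cookies I deleted yesterday...
Here is the relevant part of environment.rb: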
# Your secret key for verifying cookie session data integrity.
# If you change this key, all old sessions will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
config.action_controller.session = {
  :session_key => '_basillslam_session',
  :secret => '373ee5b69a4a31d3318485fs368c41fac6b797a1f5c35693b49bd34e8a96291b92dd577bd49de7aeea56c9ffa1af2d8386bafe857220cafacfa0028f01be357d78'
}
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store
In application.rb:
protect_from_forgery :secret => 'f1d54db45b47ec94a6a54b1e744fafa6'
Here is the part of the full trace where the error is raised:
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in `send!'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:469:in `call'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:441:in `run'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:716:in `run_before_filters'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:695:in `call_filters'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/filters.rb:689:in `perform_action_without_benchmark'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
C:/INSTAN~1/ruby/lib/ruby/1.8/benchmark.rb:293:in `measure'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/rescue.rb:199:in `perform_action_without_caching'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/caching.rb:678:in `perform_action'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in `cache'
C:/INSTAN~1/ruby/lib/ruby/gems/1.8/gems/activerecord-2.0.2/lib/active_record/query_cache.rb:8:in `cache'
[etc. ... ]
Has anyone experienced this before? Or does anyone know why this might be happening?
Best answer
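The same thing happened to me when I switched my site over. Delete the Rails session cookie for that site in your home Firefox browser.
This only happens when you have a pre-existing session that used cookie storage. So, hopefully, only you and your browser will see this problem. Once you delete the cookie, you won't see the error again.
With the session in the database, and only a random key that maps to that session in the browser cookie, the session protection magic is no longer needed.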
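The following Ruby sketch is an added example, not part of the original question or answer and not Rails' own code. It shows how a server could recognise a leftover cookie-store session cookie after a switch to a database store, and why a form token tied to one session fails when the request resolves to another. The cookie layout, the token model (HMAC over the session id), the secrets and all function names are simplified assumptions made for illustration.

```ruby
require 'openssl'

# Constructed placeholder secrets, not the values from the post.
SESSION_SECRET = 'constructed-session-secret-for-illustration-only'
FORGERY_SECRET = 'constructed-forgery-secret'

# Constant-time string comparison for digests.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Assumed, simplified cookie-store layout: base64(Marshal data) + "--" + hex HMAC-SHA1.
def cookie_store_value(data, secret)
  payload = [Marshal.dump(data)].pack('m0')
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, payload)}"
end

# Classify the session cookie a browser sent after the switch to a database store.
def classify_session_cookie(value, secret)
  return :session_id if value.match?(/\A[0-9a-f]{32}\z/)
  payload, digest = value.split('--', 2)
  return :unknown unless digest.to_s.match?(/\A[0-9a-f]{40}\z/)
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, payload)
  secure_equal?(expected, digest) ? :stale_cookie_store : :unknown
end

# Assumed model of the token with a server-side store: HMAC(secret, session id).
def authenticity_token(forgery_secret, session_id)
  OpenSSL::HMAC.hexdigest('SHA1', forgery_secret, session_id)
end

# A POST passes only if the form token matches the session the request resolves to.
def post_accepted?(form_token, resolved_session_id)
  secure_equal?(form_token, authenticity_token(FORGERY_SECRET, resolved_session_id))
end

if __FILE__ == $PROGRAM_NAME
  stale = cookie_store_value({ 'user_id' => 1 }, SESSION_SECRET) # constructed old cookie
  puts classify_session_cookie(stale, SESSION_SECRET)
  form_token = authenticity_token(FORGERY_SECRET, 'a' * 32) # token rendered for one session
  puts post_accepted?(form_token, 'b' * 32) # request resolved to a different session
end
```

A cookie classified as `:stale_cookie_store` can be expired server-side instead of asking each affected user to clear it by hand.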
Regarding ruby-on-rails - protected_from_forgery and Firefox, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/493940/