Rails4 ActionController::InvalidAuthenticityToken error

醉酒成梦 2021-02-13 00:07

I have Rails4 application running in production, and my visitors run occasionally into ActionController::InvalidAuthenticityToken error, which I can't reproduce. I get 2-4 daily

6 answers
  •  逝去的感伤
    2021-02-13 00:26

    That it happens on sign in makes me suspect something may be wrong on your sign out, triggering the issue for users that sign out and immediately back in again.

    Signing out usually destroys the current user session and replaces it with a new one, invalidating the CSRF tag. Usually this isn't an issue, since the user gets redirected to another page containing the new CSRF tag.

    I can see this being an issue if

    • logout leads to a page that might be cached, either in the browser or a proxy
    • logout is done through AJAX, which in rare instances fails to do the right thing on success, failing to update the CSRF tag
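
The cached-page case from the answer above, as an added example that is not part of the original thread and not Rails' own code. It is a simplified Ruby model: `ModelServer`, `sign_in_after_sign_out` and the one-token-per-session store are assumptions made for illustration.

```ruby
require "securerandom"

# Simplified model (constructed for illustration, not Rails internals):
# the server keeps one CSRF token per session id.
class ModelServer
  def initialize
    @tokens = {}
  end

  def new_session
    sid = SecureRandom.hex(16)
    @tokens[sid] = SecureRandom.base64(32)
    sid
  end

  # Signing out destroys the session and issues a fresh one with a new token.
  def sign_out(sid)
    @tokens.delete(sid)
    new_session
  end

  # The rendered sign-in page embeds the session's current token.
  def sign_in_page(sid)
    { csrf_token: @tokens.fetch(sid) }
  end

  def sign_in(sid, submitted)
    expected = @tokens[sid]
    return :invalid_authenticity_token if expected.nil? || submitted.nil?
    constant_time_eq?(expected, submitted) ? :ok : :invalid_authenticity_token
  end

  private

  # Compare without short-circuiting on the first differing byte.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Visitor loads the sign-in page, signs in, signs out, then signs in again.
# cacheable: true models a browser or proxy serving the stored page copy.
def sign_in_after_sign_out(cacheable:)
  server = ModelServer.new
  sid = server.new_session
  cached_page = server.sign_in_page(sid)      # first visit fills the cache
  sid = server.sign_out(sid)                  # session and token are replaced
  page = cacheable ? cached_page : server.sign_in_page(sid)
  server.sign_in(sid, page[:csrf_token])
end
```

With `cacheable: true` the second sign-in returns `:invalid_authenticity_token`; with `cacheable: false` (the page is fetched again, as it would be when served with `Cache-Control: no-store`) it returns `:ok`.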
