Rails4 ActionController::InvalidAuthenticityToken error

前端 未结 6 2293
醉酒成梦
醉酒成梦 2021-02-13 00:07

I have Rails4 application running in production, and my visitors run occasionally into ActionController::InvalidAuthenticityToken error, which I cant reproduce. I get 2-4 daily

6条回答
  •  逝去的感伤
    2021-02-13 00:26

    That it happens on sign in makes me suspect something may be wrong on your sign out, triggering the issue for users that sign out and immediately back in again.

    Signing out usually destroys the current user session and replaces it with a new one, invalidating the CSRF tag. Usually this isn't an issue, since the user gets redirected to another page containing the new CSRF tag.

    I can see this being an issue if

    • logout leads to a page that might be cached, either in the browser or a proxy
    • logout is done through AJAX, which in rare instances fails to do the right thing on success, failing to update the CSRF tag

提交回复
热议问题