I have a Rails4 application running in production, and my visitors occasionally run into an ActionController::InvalidAuthenticityToken error, which I can't reproduce. I get 2-4 daily
I have the same issue as of now. I have been poking around and I noticed that if I turn cookies off (block the domain from being able to use cookies) I will run into an ActionController::InvalidAuthenticityToken every time I do a POST.
So the user has JS enabled but does not allow cookies.
AFAIK the anti-CSRF token in Rails is sent as a session cookie server side, and then fails since the cookie could not be set.
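
The following is an added example, not part of the posts above and not Rails' own code. It is a simplified Ruby model of the mechanism the reply describes, showing why a POST fails when the browser refuses the session cookie. `ToyApp`, `submit_form` and the cookie format are hypothetical names and assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Toy model, not Rails source: the session cookie carries the real CSRF token,
# signed by the server; every rendered form embeds a copy of that token.
class ToyApp
  SECRET = SecureRandom.hex(32) # constructed stand-in for the app's signing secret

  # GET: reuse the session found in the cookie, or start a new one.
  # Returns [Set-Cookie value, token embedded in the form].
  def get_form(cookie)
    token = load_session(cookie) || SecureRandom.hex(32)
    ["#{token}--#{sign(token)}", token]
  end

  # POST: a request without a valid cookie gets a brand-new session, whose
  # token cannot match the one embedded in the previously rendered form.
  def post(cookie, form_token)
    session_token = load_session(cookie) || SecureRandom.hex(32)
    secure_compare(session_token, form_token.to_s) ? :ok : :invalid_authenticity_token
  end

  private

  def sign(token)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, token)
  end

  def load_session(cookie)
    token, _sep, mac = cookie.to_s.rpartition("--")
    return nil if token.empty?
    secure_compare(mac, sign(token)) ? token : nil
  end

  # Constant-time comparison for equal-length strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical browser: keeps the cookie only when cookies are allowed.
def submit_form(app, accept_cookies:)
  set_cookie, form_token = app.get_form(nil) # first visit, empty cookie jar
  jar = accept_cookies ? set_cookie : nil
  app.post(jar, form_token)
end
```

`submit_form(ToyApp.new, accept_cookies: true)` returns `:ok`, while the same call with `accept_cookies: false` returns `:invalid_authenticity_token` on every attempt.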