0

Devise is logging out my users when PayPal posts to the 'return' url. Is there a way for paypal to post to the 'return' url and have the user stay logged in?

I presume this is because the session identifier is not present in the paypal post. But shouldn't there be a way for the user to stay logged in?

Scott Schulthess
  • 2,853
  • 2
  • 27
  • 35
pixelearth
  • 13,674
  • 10
  • 62
  • 110

1 Answers1

4

This can also happen if paypal doesn't include the correct CSRF meta parameters required by your application. If you post to a rails app without providing the correct CSRF parameters, your session gets deleted. This sounds like what is happening. One way to solve this is to disable the CSRF meta protection for the paypal post action

Look here for how to disable, if this is indeed happening

https://stackoverflow.com/a/5669377/68393

Community
  • 1
  • 1
Scott Schulthess
  • 2,853
  • 2
  • 27
  • 35
  • 2
    +1 I agree with Scott--look at *all* the http headers coming in from the PayPal redirect before jumping to conclusions on what the cause of the problem is. – Larry K Jul 05 '12 at 18:03
  • will look into this and accept this answer if this is the case, which it sounds like it is. thanks for posting. – pixelearth Jul 09 '12 at 01:25