1

My application is built using rails 3 and i have added the csrf_meta_tag in application.html.erb.

<%= csrf_meta_tag %>

Authenticity token is changing for different users, but the token is same in the entire session i.e its not changing for each put & post request.

Any idea how to fix this issue?

anil.n
  • 509
  • 2
  • 5
  • 17
  • Did you accidentally cache it? – Kulbir Saini Aug 16 '12 at 04:56
  • That they it works Authenticity token stays same for the entire session. it does not changes for every request as a copy of authenticity in encrypted form is mapped in with your cookies which is used to match against whether the authenticity token is valid or not – Viren Aug 16 '12 at 08:20
  • 1
    @anil.n Just set session[:csrf_token]=nil if you want it to change for every request – Viren Aug 16 '12 at 08:21

1 Answers1

2

Authenticity token stays same for the entire session. it does not changes for every request as a copy of authenticity in encrypted form is mapped in with your cookies which is used to match against whether the authenticity token is valid or not

Just set session[:csrf_token]=nil if you want it to change for every request

Just cross check this I know this work but done it long back

Also just check if this link for more info

Community
  • 1
  • 1
Viren
  • 5,812
  • 6
  • 45
  • 98