
Following on from this question on CSRF errors.

Is it correct/will it work if I use:

`protect_from_forgery with: exception, except: sign_in`

Or can I only have one or the other?

It works when I run it in development but just not sure it is working as intended.

Jay Killeen
  • are you still unable to push to `heroku`? – Wally Ali May 17 '14 at 05:37
  • try `protect_from_forgery with: :null_session` in application controller – Wally Ali May 17 '14 at 05:39
  • No that issue fixed itself. I am now able to push to heroku – Jay Killeen May 17 '14 at 05:41
  • ok I'll give the null sessions a try. I did read this but thought it was only relevant for json ajax api application requests. – Jay Killeen May 17 '14 at 05:43
  • you may be right. this is what it says inside the application controller: `# For APIs, you may want to use :null_session instead.` why do you want to use `protect_from_forgery with: exception, except: sign_in`? are you getting any errors? – Wally Ali May 17 '14 at 05:54
  • just pushed to heroku with the null_session. Instead of erroring now it just constantly redirects to login. Once logged in, I can navigate a couple of times until my authentication token gets destroyed, and I am redirected back to the login screen. Something is destroying my authentication token... so confused. This does not happen in my development environment on my laptop where I am continually navigating around even as we speak. – Jay Killeen May 17 '14 at 05:56
  • When I scale down to 1 dyno the issue is being resolved. I have done some googling and found this http://stackoverflow.com/questions/10999853/rails-devise-heroku-and-multiple-dynos. Is this a memcache or redis thing? I have not yet learnt this area. – Jay Killeen May 17 '14 at 06:59

0 Answers