2

Hi, I've been searching all around the internet to solve this problem but can't find a solution. I am getting the following exception when I try to destroy the user session (log out as a user):

ActionController::InvalidAuthenticityToken in Devise::SessionsController#destroy

It is not a case of the user logging out consecutively. I've tried logging in with no cookies, and I am able to log in, but each time I try to log out I am thrown that exception.

I am using Rails 4.1 and Devise 3.4. Any form of help would be greatly appreciated. Thanks for all the great work.

amirothman
Check the solution here: http://stackoverflow.com/questions/20875591/actioncontrollerinvalidauthenticitytoken-in-registrationscontrollercreate – anyavacy Apr 08 '15 at 23:04

1 Answer

2

Cross-site request forgery is failing because of an expired or missing CSRF token.

Fix 1: Check if your <%= csrf_meta_tag %> is indicated in your layout.

Your layout should have something like:

<meta name="csrf-token" content="I+nZnT$#Twefelfjiself" />

or

Fix 2: In devise.rb, change 'delete' to 'get':

config.sign_out_via = :get

Then, in your views, change the links to:

<%= link_to "logout", destroy_user_session_path, method: :get %>
mpalencia
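A simplified model of the token check behind the exception discussed above, showing why a DELETE sign-out needs the token from the layout's meta tag while a GET request is not token-checked at all. This is an added example, not code from the post, Rails or Devise; the helpers are reimplemented here under assumed names (`secure_compare`, `session_token`, `verify_request!`, `demo` are hypothetical) and the sessions and requests are constructed.

```ruby
require "securerandom"

# Simplified model of the authenticity-token check (not Rails source code).
# One token is kept per session and compared with the value the browser sends
# back in the X-CSRF-Token header or the authenticity_token parameter.
class InvalidAuthenticityToken < StandardError; end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The token is created once and stored in the session.
def session_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Stand-in for the layout helper: the UJS script reads this tag and sends the
# value as X-CSRF-Token when a link with method: :delete is clicked.
def csrf_meta_tag(session)
  %(<meta name="csrf-token" content="#{session_token(session)}" />)
end

# GET and HEAD are not verified; every other verb needs a matching token.
def verify_request!(verb, session, header_token = nil)
  return :ok if %w[GET HEAD].include?(verb)
  return :ok if secure_compare(session_token(session), header_token)
  raise InvalidAuthenticityToken
end

# Constructed session and requests for illustration.
def demo
  session = {}
  token = csrf_meta_tag(session)[/content="([^"]+)"/, 1]
  try = lambda do |verb, sess, tok|
    begin
      verify_request!(verb, sess, tok)
    rescue InvalidAuthenticityToken
      :rejected
    end
  end
  {
    delete_with_token: try.call("DELETE", session, token),
    delete_without_token: try.call("DELETE", session, nil),      # meta tag missing
    delete_after_session_reset: try.call("DELETE", {}, token),   # stale page token
    get_without_token: try.call("GET", session, nil)             # never checked
  }
end
```

The two rejected cases correspond to the missing and expired token situations; the last case passes only because GET requests skip the check, so a sign-out routed over GET is no longer covered by it.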