0

I have some features whose settings I save in the session. But after one reload they reset and the session values don't exist there anymore.

On first load I get this session:

{"session_id"=>"xxx"}

After saving a value I get:

{"session_id"=>"xxx", "value"=>"100"}

And when I reload my page again I get a reset session:

{"session_id"=>"xxx"}

Why can this be?

2
  • How are you manipulating the session? Commented Oct 12, 2013 at 17:58
  • add - session[:value] = 100 and remove - session[:value] = nil Commented Oct 12, 2013 at 18:02

3 Answers

1

Igor is exactly right. If that happens to be the case in your application, do something like this:

# Send the values from the csrf_meta_tags <meta> elements with every jQuery Ajax request
$(document).ajaxSend((event, jqxhr, settings) ->
  jqxhr.setRequestHeader("X-CSRF-Token", $('meta[name="csrf-token"]').attr('content'))
  jqxhr.setRequestHeader("X-CSRF-Param", $('meta[name="csrf-param"]').attr('content'))
  return
)

Now that's CoffeeScript, and that assumes you are using jQuery. Regardless, the point is you need to send the CSRF metadata along for the ride with your Ajax requests.


1

Most likely you're not passing the CSRF token in one of your (probably AJAX) requests. If Rails receives an invalid CSRF token, it resets the session.

Check out: http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

Update: Vidya is right. You may also want to add the following code to your ApplicationController to set the XSRF token for AJAX calls:

after_filter :set_csrf_cookie

def set_csrf_cookie
  cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
end

1 Comment

I have <%= csrf_meta_tags %> in the head tag. Do you mean that?
0

Thanks, everyone. I found the problem but I can't explain it. Later I removed a row from the JS file app/assets/javascripts/application.js:

//= require jquery_ujs 

When I put it back, it stopped resetting the session values.

1 Comment

Cool! Didn't know jquery_ujs handles the CSRF token (which is logical btw). Don't forget to accept your own answer, so that others could know what worked for you.
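For pages that make Ajax calls without jquery_ujs, here is a jQuery-free sketch of the same idea, added as an example and not taken from any answer above or from jquery_ujs itself. The names `csrfHeadersFor`, `railsFetch` and `UNVERIFIED_METHODS` are made up for illustration, and it assumes `options.headers` is a plain object; the token is attached only to same-origin, state-changing requests so it is never handed to another site.

```javascript
// Added example. Rails skips the CSRF check for GET and HEAD, so those need no token.
const UNVERIFIED_METHODS = new Set(["GET", "HEAD"]);

// Decide which CSRF header (if any) a request should carry.
// token: content of <meta name="csrf-token">, emitted by csrf_meta_tags.
function csrfHeadersFor(method, url, pageOrigin, token) {
  const verb = String(method || "GET").toUpperCase();
  if (UNVERIFIED_METHODS.has(verb)) return {};
  if (!token) return {};
  try {
    // Resolve relative and protocol-relative URLs against the page origin.
    const target = new URL(url, pageOrigin);
    // Different scheme, host or port: do not disclose the token.
    if (target.origin !== new URL(pageOrigin).origin) return {};
  } catch (e) {
    return {}; // unparseable URL: send nothing rather than guess
  }
  return { "X-CSRF-Token": token };
}

// Browser wiring: a fetch wrapper that reads the meta tag on each call.
function railsFetch(url, options = {}) {
  const meta = document.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute("content") : null;
  const extra = csrfHeadersFor(options.method, url, window.location.origin, token);
  return fetch(url, {
    ...options,
    credentials: "same-origin", // send the session cookie to our own origin only
    headers: { ...(options.headers || {}), ...extra },
  });
}
```

A POST sent through `railsFetch("/settings", { method: "POST", body: data })` then carries the header Rails checks, so the session survives the request.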
