Rails - Catch 'Invalid Authenticity Token' exception

Asked 30/12, 2009 at 16:26 Answered 31/12, 2009 at 16:54

Solved ruby-on-rails exception authenticity-token expired-sessions

I'm currently using RESTful Authentication plug-in on my rails application.

There is a typical scenario when a user stays at login screen for enough time (let's say 1 day..) that makes the authentication token invalid due to time expire.

When this user tries the next day to login (he didn't refresh, he is still with this invalid token), he will get an "500" http error. Making the application crash for that request.

I'm wondering if it's possible to catch this expection and warn the user. Like any other innocent web user he just does back and tries again.. and again gets the same error...

Hyaluronidase answered 30/12, 2009 at 16:26 Comment(0)

In your application_controller.rb you'll do something like:

rescue_from Your::Exception, :with => :show_some_error_page

This will let you show some action, in this case show_some_error_page when an unhandled exception occurs.

I hope this helps.

Debidebilitate answered 30/12, 2009 at 16:48 Comment(0)

-2

If this happens often for a particular controller action, you could also disable authenticity token checking entirely for that action...

skip_before_filter :verify_authenticity_token, :only => [:create]

Oliverolivera answered 31/12, 2009 at 16:54 Comment(2)

Wouldn't this be extremely unsecure? My logs show frequent hacking attempts to login creating these exceptions. – Turpentine 22/8, 2014 at 11:40

this is actually helpful. yes, it might be insecure for some actions. but it answers the question asked AND shows how to specify just certain actions. – Chamfron 20/9, 2020 at 0:44

Recommended topics

Hot tags