Rails AJAX Posts Session Reset
Dusty Candland
rails, ruby
Notes on AJAX POST requests getting logged out on Rails. It seems the problem is that the CSRF data isn't being added to the request.
The problem was that AJAX POST requests resulted in a redirect to the login page. Further inspection showed the cookie was being passed, but the session on the server was empty. Rails wasn't getting the correct CSRF value and, as a result, was resetting the session data.
This StackOverflow post has some useful info: Rails not reloading session on ajax post.
This led to a post by Jason Weathered: CSRF vulnerability in Ruby on Rails 2.3.10 & 3.0.3.
That ended up at the jQuery UJS project. Installing it fixed the problem!
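What the fix amounts to, as an added example (not code from this post or from the jQuery UJS project): read the token from the page's csrf-token meta tag and send it as the X-CSRF-Token header on same-origin, non-GET requests. The helper names and the fetch wrapper are assumptions for illustration.

```javascript
// Added example, not jquery-ujs source. Rails' csrf_meta_tags helper renders
// <meta name="csrf-token" content="...">, and Rails accepts the token in the
// X-CSRF-Token request header. Function names here are hypothetical.

// Rails skips CSRF verification for GET and HEAD only.
const UNVERIFIED_METHODS = new Set(["GET", "HEAD"]);

// Read the token from a document-like object (the real `document` in a browser).
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// Decide which extra headers a request needs. The token is attached only to
// verified, same-origin requests so it is never sent to another site.
function csrfHeadersFor(method, url, pageOrigin, token) {
  const headers = {};
  const verb = String(method || "GET").toUpperCase();
  if (UNVERIFIED_METHODS.has(verb)) return headers;
  // Relative URLs resolve against the page; absolute ones keep their own origin.
  const target = new URL(url, pageOrigin).origin;
  if (target !== new URL(pageOrigin).origin) return headers;
  if (!token) return headers; // no meta tag on the page: nothing to send
  headers["X-CSRF-Token"] = token;
  return headers;
}

// Browser usage: wrap fetch so every AJAX POST carries the token and cookie.
function csrfFetch(url, options = {}) {
  const token = readCsrfToken(document);
  const extra = csrfHeadersFor(options.method, url, window.location.origin, token);
  return fetch(url, {
    credentials: "same-origin", // send the session cookie with the request
    ...options,
    headers: { ...(options.headers || {}), ...extra },
  });
}
```

If a POST still comes back as a redirect to the login page, check the request headers in the browser's network tab for X-CSRF-Token and confirm the layout renders the csrf-token meta tag.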