You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our app has a timeout that logs a user out after a session timeout. We also use the authenticityToken in our app. If a user logs out normally the next login attempt works fine. But if the user leaves the browser alone and lets the auto-logout occur, the first login attempt after that issues an error "invalidAuthenticityToken" error. If I go again to the login page, it works fine. I should add that I encounter this after letting it autologout over night so it's been >12 hrs of inactivity, long past the app session timeout and the browser session timeout.
I can't figure out how to prevent this error. I thought that perhaps the value was stored in a cookie since I have seen it there but not sure when it appears or how it gets there. But trying to explicitely delete that cookie on auto-logout didn't work. It doesn't appear that there was a cookie by that name at time of auto-logout. Trying to destroy the session at logout didn't help either, so it doesn't appear to be session scoped storage related.
I also think this same error occurs when there is no authenticityToken in the tag. However, we use just one layout.cfm and it places #csrfMetaTags()# within the tag pair.
I don't know what is going on behind the scenes in Wheels but hope someone can state here how to explicitely prevent this error. If it's a stale token, how do I clear it out at autologout. I don't know where it is being persisted, if not in a cookie. If it's due to a missing token when the login has that #csrfMetaTags()# added, then is this a case where that method is fetching a stale token or non at all?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Our app has a timeout that logs a user out after a session timeout. We also use the authenticityToken in our app. If a user logs out normally the next login attempt works fine. But if the user leaves the browser alone and lets the auto-logout occur, the first login attempt after that issues an error "invalidAuthenticityToken" error. If I go again to the login page, it works fine. I should add that I encounter this after letting it autologout over night so it's been >12 hrs of inactivity, long past the app session timeout and the browser session timeout.
I can't figure out how to prevent this error. I thought that perhaps the value was stored in a cookie since I have seen it there but not sure when it appears or how it gets there. But trying to explicitely delete that cookie on auto-logout didn't work. It doesn't appear that there was a cookie by that name at time of auto-logout. Trying to destroy the session at logout didn't help either, so it doesn't appear to be session scoped storage related.
I also think this same error occurs when there is no authenticityToken in the tag. However, we use just one layout.cfm and it places #csrfMetaTags()# within the tag pair.
I don't know what is going on behind the scenes in Wheels but hope someone can state here how to explicitely prevent this error. If it's a stale token, how do I clear it out at autologout. I don't know where it is being persisted, if not in a cookie. If it's due to a missing token when the login has that #csrfMetaTags()# added, then is this a case where that method is fetching a stale token or non at all?
Beta Was this translation helpful? Give feedback.
All reactions