1

In several parts of my site, I am getting "WARNING: Can't verify CSRF token authenticity" in my log files, and it is resetting my session. However, I do have the authenticity token:

    Started POST "/check_out/shopping_cart_with_authenticated_user" for 10.189.254.5 at 2013-09-12 11:19:02 -0400
    Processing by CheckOutController#shopping_cart_with_authenticated_user as HTML
      Parameters: {"utf8"=>"✓", "authenticity_token"=>"rGcLQAR/s7zRNf2WEqkuD7ar8IXs0alt7szJKSfgLio="}
    SESSION VARIABLES ARE: {}
    WARNING: Can't verify CSRF token authenticity

And here:

    Processing by SessionsController#create as HTML
      Parameters: {"utf8"=>"✓", "authenticity_token"=>"N1F53oN1fTv2Ysg/27biH14dDyTtkm2RinAUqSHwGAs=", "user"=>{"email"=>"liz@nsdfsdfsdfsry.com", "password"=>"[FILTERED]"}, "commit"=>"Sign in"}
    SESSION VARIABLES ARE: {"current_cart_id"=>55175183, "_csrf_token"=>"HzPm7DHLslbV76wJ3ahCqPkOO4bv5k5CkjKBe3C9WHE=", "flash"=>#<ActionDispatch::Flash::FlashHash:0x00000005f1e028 @used=#<Set: {}>, @closed=false, @flashes={}, @now=#<ActionDispatch::Flash::FlashNow:0x00000005e81570 @flash=#<ActionDispatch::Flash::FlashHash:0x00000005f1e028 ...>>>, "warden.user.user.key"=>["User", [358060], "$2a$12$VcSeYjhwx6JkgERnlN0clu"], "logged_in_by_password"=>true, "user_id"=>358060}
    WARNING: Can't verify CSRF token authenticity

What is going on? I am using Rails-generated forms. Here is an example of the Devise form I am using:

            <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
                <%= token_tag form_authenticity_token %>
              <div class="formField"><label for="email">Email <span>example: jane@example.com</span></label>
              <%= f.email_field :email, :autofocus => true, :id => "email", :class => "textfield col" %></div>

              <div class="formField"><label for="password">Password <span>is cAsE sEnSiTiVe</span></label>
              <%= f.password_field :password, :class => "textfield col" %></div>



              <div><%= f.submit "Sign in", :disable_with => "Signing in&#8230;".html_safe,:id => 'log_in', :class => 'button-red-shiny full-width ' %></div>
            <% end %>

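== Update ==

So eventually I closed my browser and reopened it, and it worked again... but what bothers me is that this has happened multiple times. Does anyone know how I can prevent it from happening again?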

4

1 Answer

0

Your CSRF token isn't being matched between the client and the server. This causes this error to occur.

Answered 2013-10-16T22:48:29.207
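
The two failing requests from the question's logs, replayed through a simplified model of the token check (an added example, not code from the post or from Rails itself). It assumes a Rails release that compares the submitted authenticity_token directly with the session's _csrf_token, without per-request masking; `secure_equal?`, `diagnose_csrf`, `healthy_request` and the constants are hypothetical names.

```ruby
require 'securerandom'

# Simplified model (assumption) of the comparison older Rails releases make
# for non-GET requests: the submitted authenticity_token must equal the
# _csrf_token stored in the session. Later releases mask the token per request.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns a symbol naming why the request passes or fails the check.
def diagnose_csrf(session, params)
  submitted = params['authenticity_token']
  return :no_token_submitted if submitted.nil? || submitted.empty?
  stored = session['_csrf_token']
  # The session loaded for this request holds no token (new or reset session).
  return :session_has_no_token if stored.nil?
  secure_equal?(stored, submitted) ? :verified : :token_mismatch
end

# The two failing requests, values copied from the logs in the question.
CHECKOUT = {
  session: {},
  params: { 'authenticity_token' => 'rGcLQAR/s7zRNf2WEqkuD7ar8IXs0alt7szJKSfgLio=' }
}
SIGN_IN = {
  session: { '_csrf_token' => 'HzPm7DHLslbV76wJ3ahCqPkOO4bv5k5CkjKBe3C9WHE=' },
  params: { 'authenticity_token' => 'N1F53oN1fTv2Ysg/27biH14dDyTtkm2RinAUqSHwGAs=' }
}

# Constructed control case: form rendered and submitted under the same session.
def healthy_request
  token = SecureRandom.base64(32)
  { session: { '_csrf_token' => token }, params: { 'authenticity_token' => token } }
end

if __FILE__ == $PROGRAM_NAME
  { 'check_out' => CHECKOUT, 'sessions#create' => SIGN_IN, 'control' => healthy_request }.each do |name, req|
    puts "#{name}: #{diagnose_csrf(req[:session], req[:params])}"
  end
end
```

The first request arrives with an empty session, so there is nothing to compare against; the second carries a token that differs from the one stored in the session it arrived with.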