0

我正在更改sessionapi 控制器中的值,但它不会反映下次session获取该变量的值时。这是api控制器...

module Api
    module V0
        class RecommendationsApiController < ApplicationController

           def x
              r1 = session[:last_id]
              r2 = some_function(r1)
              session[:last_id] = r2 
              #doesn't reflect in the session next time this same function is called, and the old value is shown
              #though checking the value of session at this point shows the right value been set in the @delegate part of the session

           end
        end
    end
end

这是session_store.rb

Application.config.session_store :cookie_store, key: '_session_name'

application_controller.rb

  protect_from_forgery

  after_filter :set_csrf_cookie_for_ng

  def set_csrf_cookie_for_ng
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end

  protected

  def verified_request?
    super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
  end

这是websiteApp.run功能。

var csrf_token = $cookies['XSRF-TOKEN'];
$http.defaults.headers.common['X-XSRF-TOKEN'] = csrf_token;

我试图在里面设置令牌config,但config块没有$cookies。于是试着在headers里面设置run

请帮忙。

4

1 回答 1

0

您是否为该操作关闭了 CSRF 验证?如果不是,那么可能发生的是 Rails 出于安全原因正在清除会话。您应该只为特定操作停用它:

protect_from_forgery :except => :my_action

或者在这种情况下

protect_from_forgery :except => :x
于 2014-09-10T05:31:49.043 回答