secret given to the #protect_from_forgery call

by Justin Ball on February 7th, 2008

My code was running fine under Rails 2.0.2. Then I enabled the db based session store by uncommenting this:

config.action_controller.session_store = :active_record_store

in environment.rb.

Anything that used the session after that gave me this error:

No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).

If you have the same problem. Go to application.rb and uncomment the secret then restart.

All better.

  • ivor

    I listened – thanks

  • http://N/A Walther

    well – it’s not entirely true, you know!

    I mean – somebody actually listens!

    Thanks for sharing!

    Ever come to Denmark? Give me a call – and I’ll try to make up for the tip ;)

    /Walther

  • Deus

    wow thank you soo much, I was following along a rails tutorial when I ran into that very problem and had no clue, you’re info is much apreciated

  • Jesse

    Helpful sharing.

    I didn’t enable the db based session store but also encountered the same problem, and solved it per your guidance.

    Thanks.

  • http://www.comp.nus.edu.sg/~kanmy Min

    Thanks for your help for this one. Solved my bug…

  • mrx

    Thanks very much. I had the same problem & I had no idea what was going wrong

  • rey

    thanks a lot!!! that saved me a lot of trouble!

  • Alex

    Thank you very much for this tip! Very helpful!

  • thomas

    Yes thanks for that tip, but could somebody explain why (is that for recognizing sessions on every pages and we just avoid the problem by uncommenting the secret or ??)???

    Could somebody explain the issue ??

  • rob

    thanks! I’m going through the latest beta of pragprog Agile Rails 3rd ed and ran right into this bug.

  • Eivind

    Ah, thanks!

  • http://denacht.blogspot.com Jesse

    Thanks :-)

  • jabi

    Hey, thanks a lot, you saved at least hour or may be more of my time.

  • sameer

    There are people who share their knowledge and you are one of then

    Thanks

  • Lo

    Many thanks – it helps me a lot :-) )
    Lo

  • Kent Karlsson

    Thanks! Saved me some time to figure it out.. =)

  • http://sumanthtechsavvy.blogspot.com sumanth

    Thanks it was handy…

  • aaron

    You rock! This is great!

  • http://www.anlek.com Anlek

    Thanks, I was looking at how to fix it!

  • Mike

    Thanks a lot! And … by the way so many people listening to you :-)

  • http://www.cluefire.com Dan

    Looks like I’m definitely not the only one who can say this, but thanks much man! I had no idea where to begin (other than to google the error, which brought me here :) )

  • http://rubyassist.com Rup

    Good catch for the error above. I got the same problem but now I know how to fix it.
    Thanks

  • http://gardner-webb.edu Doug

    Thanks man. I would have never figured that out on my own.

  • Patricio Soto

    Thanks for the help :)

  • lowell

    thanks justin.

    thomas, no this isn’t a hack we may regret in the future. the error message tells us to do exactly this, just doesnt say where. in app.rb, the comment confirms that its ok to do so in this situation.

  • Radu

    Thanks man… You were very helpful!

    Best regards from Romania!

  • http://www.pd4free.com Sean McGilvray

    I to had the same problem and this was the perfect fix.

    Thank you!!!!

  • Jose Vicente

    THANKS A LOT!!!!!

  • Michael

    Thanks! The fact that there is a secret in config/environment.rb makes this extremely not obvious how to fix. Your post saved the day.

  • karthik

    I am still getting that error Even after uncommenting that line.
    Here’s what i am trying to do..
    i tried to add that line of code in rhtml file
    :add_to_cart, :id=> product %>
    Any help would be greatly appericiated.

  • William Wallace

    Thank you. Really appreciate.

  • noocx

    Thanks

  • ander

    Thank you so much!

  • Angela

    Thank you, sir! very helpful

  • Rander

    Thank you very much fot this tip. It was very helpful

  • http://www.onet.pl Wejder

    you saved whole Polish nation those info.
    thank you so much.

  • vishal

    Thanks for the information. It was really helpful. Appreciable attempt!!!

  • aawilson

    Much obliged.

  • Robert

    Thank you very much!

  • Guillermo Velasquez

    Thanks!

  • nobody

    me as a nobody listened, many thanks

  • endotly

    eh… luv it )

  • sugi

    Thanks a lot dude……….

  • Harikrishnan

    Thanks You Very Much !!!!

  • ganesha

    Thank you!!!!

  • http://harish-in.blogspot.com Harish

    Thanks for your great information…

  • wowgoldkk

    Looks like your question thing at the end of the post worked. Also not having to sign in is nice too. Good job. Nice list. Thanks.|*|wow power leveling|*|http://www.wow-powerleveling.org

  • shikher

    Cheers man…. Exactly what i was looking for…
    Thanks a lot! :)

  • shikher

    Cheers man…. Exactly what i was looking for…
    Thanks a lot! :)

  • http://recordsresources.com genealogy

    Hello, i think this information is so great!

  • muthukumar

    Thanks a lot

  • Bk01236

    YOU R THE BEST! THANK YOU SO MUCH!