secret given to the #protect_from_forgery call

February 7th, 2008 by Justin Ball

My code was running fine under Rails 2.0.2. Then I enabled the db based session store by uncommenting this:

config.action_controller.session_store = :active_record_store

in environment.rb.

Anything that used the session after that gave me this error:

No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).

If you have the same problem. Go to application.rb and uncomment the secret then restart.

All better.

Tags:   · · 28 Comments

Leave A Comment

28 responses so far ↓

  • 1 ivor Feb 8, 2008 at 6:44 am

    I listened - thanks

  • 2 Walther Feb 20, 2008 at 9:45 am

    well - it’s not entirely true, you know!

    I mean - somebody actually listens!

    Thanks for sharing!

    Ever come to Denmark? Give me a call - and I’ll try to make up for the tip ;)

    /Walther

  • 3 Deus Mar 3, 2008 at 12:33 am

    wow thank you soo much, I was following along a rails tutorial when I ran into that very problem and had no clue, you’re info is much apreciated

  • 4 Jesse Mar 17, 2008 at 3:22 am

    Helpful sharing.

    I didn’t enable the db based session store but also encountered the same problem, and solved it per your guidance.

    Thanks.

  • 5 Min May 13, 2008 at 2:41 am

    Thanks for your help for this one. Solved my bug…

  • 6 mrx May 20, 2008 at 5:56 am

    Thanks very much. I had the same problem & I had no idea what was going wrong

  • 7 rey May 29, 2008 at 9:28 am

    thanks a lot!!! that saved me a lot of trouble!

  • 8 Alex Jun 1, 2008 at 6:28 pm

    Thank you very much for this tip! Very helpful!

  • 9 thomas Jun 15, 2008 at 5:26 am

    Yes thanks for that tip, but could somebody explain why (is that for recognizing sessions on every pages and we just avoid the problem by uncommenting the secret or ??)???

    Could somebody explain the issue ??

  • 10 rob Jun 29, 2008 at 11:44 am

    thanks! I’m going through the latest beta of pragprog Agile Rails 3rd ed and ran right into this bug.

  • 11 Eivind Jul 7, 2008 at 2:30 am

    Ah, thanks!

  • 12 Jesse Jul 7, 2008 at 1:52 pm

    Thanks :-)

  • 13 jabi Jul 7, 2008 at 10:01 pm

    Hey, thanks a lot, you saved at least hour or may be more of my time.

  • 14 sameer Jul 8, 2008 at 2:05 pm

    There are people who share their knowledge and you are one of then

    Thanks

  • 15 Lo Aug 10, 2008 at 6:34 am

    Many thanks - it helps me a lot :-))
    Lo

  • 16 Kent Karlsson Aug 11, 2008 at 11:28 pm

    Thanks! Saved me some time to figure it out.. =)

  • 17 sumanth Aug 14, 2008 at 2:29 pm

    Thanks it was handy…

  • 18 aaron Aug 22, 2008 at 5:08 pm

    You rock! This is great!

  • 19 Anlek Aug 26, 2008 at 12:12 pm

    Thanks, I was looking at how to fix it!

  • 20 Mike Aug 27, 2008 at 4:21 am

    Thanks a lot! And … by the way so many people listening to you :-)

  • 21 Dan Aug 27, 2008 at 10:23 pm

    Looks like I’m definitely not the only one who can say this, but thanks much man! I had no idea where to begin (other than to google the error, which brought me here :) )

  • 22 Rup Sep 2, 2008 at 6:08 pm

    Good catch for the error above. I got the same problem but now I know how to fix it.
    Thanks

  • 23 Doug Sep 9, 2008 at 7:57 pm

    Thanks man. I would have never figured that out on my own.

  • 24 Patricio Soto Sep 21, 2008 at 11:22 pm

    Thanks for the help :)

  • 25 lowell Oct 2, 2008 at 11:21 pm

    thanks justin.

    thomas, no this isn’t a hack we may regret in the future. the error message tells us to do exactly this, just doesnt say where. in app.rb, the comment confirms that its ok to do so in this situation.

  • 26 Radu Nov 11, 2008 at 4:22 am

    Thanks man… You were very helpful!

    Best regards from Romania!

  • 27 Sean McGilvray Nov 18, 2008 at 3:18 pm

    I to had the same problem and this was the perfect fix.

    Thank you!!!!

  • 28 Jose Vicente Nov 20, 2008 at 10:53 am

    THANKS A LOT!!!!!