This project is archived and is in readonly mode.
Session disappears after DELETE or PUT xhr request
Reported by whatwho | March 4th, 2011 @ 07:05 PM
Session data is cleared out, and is empty after an XHR request, when the HTTP method is :delete or :put, when Application.config.session_store :active_record_store turned on.
Bug appeared in Rails 3.0.4, and 3.0.5 is also concerned, but the issue doesn't occur in 3.0.3.
Comments and changes to this ticket
- State changed from new to invalid
- Importance changed from to Low
Are you sending the CSRF token in your XHR requests? If not then the you're seeing the effect of the CSRF security fix in 3.0.4. See the release notes for more information: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ru...