This project is archived and is in readonly mode.
Session disappears after DELETE or PUT xhr request
Reported by whatwho | March 4th, 2011 @ 07:05 PM
Session data is cleared out, and is empty after an XHR request, when the HTTP method is :delete or :put, when Application.config.session_store :active_record_store turned on.
Bug appeared in Rails 3.0.4, and 3.0.5 is also concerned, but the issue doesn't occur in 3.0.3.
Comments and changes to this ticket
-
Andrew White March 4th, 2011 @ 09:17 PM
- State changed from “new” to “invalid”
- Importance changed from “” to “Low”
Are you sending the CSRF token in your XHR requests? If not then the you're seeing the effect of the CSRF security fix in 3.0.4. See the release notes for more information: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ru...
-
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Andrew White
Jeremy Kemper
Manfred Stienstra
Piotr Sarnacki
whatwho