1
votes

I am trying out the Braintree Payment gateway in a Rails app. After processing a credit card transaction, my application automatically logs out the logged out user. It only happens after I do a Braintree related transaction. Any ideas why this is happening?

2

2 Answers

1
votes

The problem was not directly related to Braintree's Payment Gateway. It had more to do with CSRF and how Ruby on Rails handle HTTP Post. I initially followed the tutorial on Braintree where it used . This caused Rails to loose the session because of security associated with CSRF. To pass Rails's security check, I had to use <%= form_for @myobject, ... } do |f| %>. Lesson learned.

0
votes

My answer is different. But your answer is informational enough for me.

As i am using ActiveMerchant, i would configure the return_url (usually an action) to skip CSRF checks with an exception for "protect_from_forgery".

class PaymentsController < ApplicationController


 protect_from_forgery :except=>[:return]

 def return

  ret = ActiveMerchant::Billing::Integrations::Ipay88::Notification.new(request.raw_post)

   if ret.success?
     <code>
   else
     <code>
   end
 end