0
votes

I've had a few instances where it appears that a user may go idle for quite some time and then may come back to a page with or without refreshing and upon submission of the form on the page, the user receives an HTTP 422 Invalid Authenticity Token error.

I understand what this error means but I am unsure how to properly handle the error. I don't want to remove the validation for the token in my controller. All of the other questions I have seen just talk about what the token is and not how to solve the issue.

1
Check out this question and answer for a possible solution: stackoverflow.com/q/7744459/26604 - Kyle Heironimus

1 Answer

0
votes

You can inspect the element (use the developer tools) on the form to see if there is a hidden input that holds the token. Otherwise you can manually add authenticity_token to the form helper, e.g.

<%= form_for(@model, ... authenticity_token: true) do |f| %>

After that, try to show the form to make sure you can see a hidden input authenticity_token already added to the form. I had the same experience when using Ajax and I implemented it this way:

<%= form_for(@model, html: { multipart: true }, remote: local_assigns[:ajax_form], authenticity_token: true) do |f| %>

or

<%= form_for(@model, html: { multipart: true }, remote: true, authenticity_token: true) do |f| %>
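
Added example (not part of the answer above, and not Rails' own code): a simplified plain-Ruby model of a per-session masked token check, showing why a form rendered before the session is lost fails validation while a freshly rendered form passes. It assumes the idle user's session was reset or expired; the function names and the scenario are constructed for illustration.

```ruby
require "securerandom"

TOKEN_LENGTH = 32

# Byte-wise XOR of two equal-length binary strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Raw per-session secret; a session that has none yet gets a new random one.
def session_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
  session[:_csrf_token].unpack1("m0")
end

# Value for the hidden authenticity_token input:
# Base64(one-time pad + (pad XOR raw token)), so it differs on every render.
def form_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  [pad + xor_bytes(pad, session_token(session))].pack("m0")
end

# Unmask the submitted value and compare it with the current session's secret.
def valid_token?(session, submitted)
  masked = submitted.to_s.unpack1("m0")
  return false unless masked.bytesize == TOKEN_LENGTH * 2
  pad = masked.byteslice(0, TOKEN_LENGTH)
  unmasked = xor_bytes(pad, masked.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
  expected = session_token(session)
  # OR together all byte differences so the comparison does not exit early.
  unmasked.bytes.zip(expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
rescue ArgumentError # submitted value was not valid Base64
  false
end

# Constructed scenario: render the form, lose the session, post the old form.
def idle_user_scenario
  session = {}
  stale = form_token(session)            # embedded when the page was rendered
  before = valid_token?(session, stale)  # same session: accepted
  session = {}                           # assumed: session expired or was reset
  after = valid_token?(session, stale)   # new session secret: rejected (the 422)
  fresh = valid_token?(session, form_token(session)) # re-rendered form: accepted
  [before, after, fresh]
end

p idle_user_scenario
```

The stale hidden input is present and well-formed in the rejected case, so seeing the input in the developer tools does not by itself show that the token matches the current session.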