0

For some reason my application won't login on firefox. It throws a CSRF error, although all tags are present and submitting successfully. Login also works on any other browser.

I found an answer that referenced changing:

Learn::Application.config.session_store :cookie_store, key: '_learn_session', domain: :all

to

Learn::Application.config.session_store :cookie_store, key: '_learn_session'

in config/initializers/session_store.rb

I've tried with both (and initially had it without domain: :all) but neither seem to work.

This question references my issue, but the answer is was not helpful in my situation.

To further complicate the situation, I've tested without CSRF enabled, and the app simply prevents a login without a failure notification.

Any help would be appreciated.

Community
  • 1
  • 1
maxm
  • 3,412
  • 1
  • 19
  • 27
  • Could you add the relevant pieces of your HTML (meta tags and/or form definition) and the `params` hash as show on your console for a login-request before it is denied? Maybe your `before` filter from the controller is relevant as well. – Patru Mar 15 '14 at 23:12

2 Answers2

1

Have you ever checked your cookie?

I encountered the same problem earlier today and it turned out to be a problem with my cookie configuration. As your application still won't work without CSRF enabled, I think either your login_controller or session_store has bugs. Read session_store.rb and your_environment.rb carefully and maybe you can find what's wrong.

Tim Guo
  • 98
  • 1
  • 6
  • 1
    WOW! I actually had cookies turned off in firefox and spent 4 hours trying to track down issues in the app. This was enough to remind me that I should probably check on that. Thanks!. – maxm Mar 16 '14 at 15:49
  • I did exactly the same thing, had somehow blocked cookies from localhost. – hcarver Sep 04 '14 at 15:39
0

Wow. I managed to do this again (see comment on Tim's answer), so I'm really writing this answer to my future self. Specifically, Firefox had blocked cookies from localhost.

If I unblocked the cookies, after a while Firefox automatically blocks them again, requiring them to be unblocked. I'm not yet clear on why this happens, but at least the work around is obvious (Chrome).

hcarver
  • 7,126
  • 4
  • 41
  • 67