Rails 3 user session gets destroyed while calling create from backbone collection


Question

I have a Backbone app which is being fed data by a Rails backend. When trying to call create from a Backbone collection, the session in Rails gets destroyed. Any pointers on how to overcome it?

Recommended answer

This sort of thing is almost always a result of a bad or non-existent CSRF token. In recent versions of Rails 3.0.4+, any request that doesn't have a CSRF token that matches the token generated for the user's current session will destroy the session as a security measure.

Here is some more info on CSRF security in Rails:
http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

You can easily test to see if this is what is causing your problem by commenting out the protect_from_forgery method call (probably in your application_controller.rb file). But I wouldn't recommend disabling it permanently for security reasons.
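
An added example, not part of the original answer: one way to keep protect_from_forgery enabled is to have Backbone send the session's token in the X-CSRF-Token header on every write. It assumes the layout calls csrf_meta_tags and that Backbone.sync is backed by jQuery.ajax; the helper names readCsrfToken and withCsrfToken are hypothetical.

```javascript
// Added example (not from the original answer): attach the Rails CSRF token to Backbone writes.
// Assumption: the layout calls csrf_meta_tags, which renders <meta name="csrf-token" content="...">.

// Read the token Rails rendered for the current session; null when the tag is absent
// (Rails omits it when forgery protection is off, e.g. in the test environment).
function readCsrfToken(doc) {
  var meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Backbone.sync methods that change state and are therefore checked by protect_from_forgery.
var WRITE_METHODS = { create: true, update: true, patch: true, 'delete': true };

// Wrap a Backbone.sync-compatible function so every write carries X-CSRF-Token.
// Reads are left untouched, and a beforeSend supplied by the caller still runs.
function withCsrfToken(sync, getToken) {
  return function (method, model, options) {
    options = options || {};
    var token = WRITE_METHODS[method] ? getToken() : null;
    if (token) {
      var callerBeforeSend = options.beforeSend;
      options.beforeSend = function (xhr) {
        xhr.setRequestHeader('X-CSRF-Token', token);
        if (callerBeforeSend) return callerBeforeSend.apply(this, arguments);
      };
    }
    return sync.call(this, method, model, options);
  };
}

// Browser wiring; skipped when Backbone or document is not defined (e.g. under Node).
if (typeof Backbone !== 'undefined' && typeof document !== 'undefined') {
  Backbone.sync = withCsrfToken(Backbone.sync, function () {
    return readCsrfToken(document);
  });
}
```

The token is read at request time rather than cached, so a token that changes after a new login is picked up without reloading the wrapper.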
