制定会议立即.js文件调用过期[AJAX] [英] Devise session immediately expiring on .js call [AJAX]

问题描述

经过多次反复试验，我已经缩小的问题，向下跌破5号线。出于某种原因，.js文件响应结束用户会话。使用3.0.4和1.1.7设计（和jQuery 1.5）。

此外，@​​organization正在更新，已完成200 OK节目在日志中，这样用户就不会知道他/她被注销，直到下一个动作尝试。

任何帮助和指导，大大AP preciated。

  *控制器*
1高​​清make_featured
2 @organization = Organization.find（PARAMS [：ID]）
3 @ organization.is_featured？ @ organization.update_attribute（：is_featured，假）：@ organization.update_attribute（：is_featured，真）
4的respond_to做|格式|
5 format.js {渲染：行动=＆GT; 更新，：布局=＆GT;假}
6月底
7月底
 

和

  * update.js.haml *
$（＃ORGANIZATION_+#{@organization.id}）.replaceWith（＃{escape_javascript（渲染：部分=＆GT;用户/ supplier_view'，：当地人=＆GT; {：组织=＆GT; @organization }）}）;
 

解决方案

非常感谢布兰登·马丁的设计谷歌集团指着我的诠释，他朝着正确的方向......

这是一个Rails 3.0.4安全修补程序的结果。

的http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

在一个小时左右，从这篇博客的工作着，这里有其他人一些提示...

• 在此问题已修复在rails.js - 所以你不用砍，打补丁，或者推倒重来
• 如果您正在使用rails.js开箱，更新 - 耙导轨：更新（我想，但我使用自定义的rails.js文件）
• 如果您使用的是自定义的rails.js文件，去获得源$ C ​​$ C到最新的版本在这里：的 https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
• 将上面的 csrf_meta_tag 帮助您的 javascript_include_tag 取值

希望帮助！

Through much trial and error, I have narrowed the problem down to line 5 below. For some reason, the .js response is ending the user session. Using 3.0.4 and devise 1.1.7 (and jQuery 1.5).

Additionally, @organization is being updated and Completed 200 OK shows in the log, so the user does no know he/she is logged out until the next action is attempted.

Any help and guidance is greatly appreciated.

*Controller*
1   def make_featured
2     @organization = Organization.find(params[:id])
3     @organization.is_featured ? @organization.update_attribute(:is_featured,"false") :   @organization.update_attribute(:is_featured,"true")
4       respond_to do |format|
5         format.js {render :action => "update", :layout => false}
6       end
7   end

and

*update.js.haml*
$("#organization_" + "#{@organization.id}" ).replaceWith("#{ escape_javascript(render :partial => 'users/supplier_view', :locals => {:organization => @organization}) }");

解决方案

Many thanks to Brandon Martin from the Devise Google Group for pointing me int he right direction...

This is a result of a Rails 3.0.4 security fix.

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

After an hour or so of working forward from this blog post, here are some tips for others...

• This has been fixed in rails.js - so you don't have to hack, patch, or reinvent the wheel.
• If you are using rails.js out of the box, update it - rake rails:update (I think, but I use a customized rails.js file)
• If you are using a custom rails.js file, go get the source code to the newest version here: https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
• place your csrf_meta_tag helper above your javascript_include_tags

Hope that helps!

这篇关于制定会议立即.js文件调用过期[AJAX]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！