设计会话立即到期.js调用[AJAX] [英] Devise session immediately expiring on .js call [AJAX]

问题描述

通过多次尝试和错误，我将问题缩小到下面的第5行。由于某种原因，.js响应结束了用户会话。使用3.0.4和devise 1.1.7（和jQuery 1.5）。

另外，@organization正在更新，完成200 OK显示在日志中，所以用户不知道他/她是否被注销，直到尝试下一步。

非常感谢任何帮助和指导。

  *控制器* 
 1 def make_featured 
 2 @organization = Organization.find（params [：id]）
 3 @ organization.is_featured？ @ organization.update_attribute（：is_featured，false）：@ organization.update_attribute（：is_featured，true）
 4 respond_to do | format | 
 5 format.js {render：action => update，：layout => false} 
 6 end 
 7 end 
  

和

  * update.js.haml * 
 $（＃organization_+＃{@organization.id}）.replaceWith（ ＃{escape_javascript（render：partial =>'users / supplier_view'，：locals => {：organization => @organization}）}）; 
  

解决方案

非常感谢来自Devise Google Group的Brandon Martin指向我，他正确的方向...

这是Rails 3.0.4安全修复的结果。

http：// weblog。 rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

经过一个小时左右的工作从这个博客文章，这里有一些其他人的提示...

• 这已经在rails.js中修复了 - 所以你不如果您正在使用rails.js，请更新它 - rake rails：update （我想，但是我使用一个定制的rails.js文件）


• 如果您使用自定义的rails.js文件，请将源代码更新到最新版本： https://github.com/fermion/jquery-ujs/blob/master/src/rails.js


• place您的 csrf_meta_tag 助手上方 javascript_include_tag s

希望有帮助！

Through much trial and error, I have narrowed the problem down to line 5 below. For some reason, the .js response is ending the user session. Using 3.0.4 and devise 1.1.7 (and jQuery 1.5).

Additionally, @organization is being updated and Completed 200 OK shows in the log, so the user does no know he/she is logged out until the next action is attempted.

Any help and guidance is greatly appreciated.

*Controller*
1   def make_featured
2     @organization = Organization.find(params[:id])
3     @organization.is_featured ? @organization.update_attribute(:is_featured,"false") :   @organization.update_attribute(:is_featured,"true")
4       respond_to do |format|
5         format.js {render :action => "update", :layout => false}
6       end
7   end

and

*update.js.haml*
$("#organization_" + "#{@organization.id}" ).replaceWith("#{ escape_javascript(render :partial => 'users/supplier_view', :locals => {:organization => @organization}) }");

解决方案

Many thanks to Brandon Martin from the Devise Google Group for pointing me int he right direction...

This is a result of a Rails 3.0.4 security fix.

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

After an hour or so of working forward from this blog post, here are some tips for others...

• This has been fixed in rails.js - so you don't have to hack, patch, or reinvent the wheel.
• If you are using rails.js out of the box, update it - rake rails:update (I think, but I use a customized rails.js file)
• If you are using a custom rails.js file, go get the source code to the newest version here: https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
• place your csrf_meta_tag helper above your javascript_include_tags

Hope that helps!

这篇关于设计会话立即到期.js调用[AJAX]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！