在 Rails 4 中优雅地处理 InvalidAuthenticityToken 异常 [英] Gracefully handling InvalidAuthenticityToken exceptions in Rails 4

问题描述

我刚刚将应用程序从 Rails 3 升级到 Rails 4，我看到一堆 InvalidAuthenticityToken 异常弹出.深入研究，我们的用户在我们的网站上打开多个长期存在的选项卡是很常见的.所以我认为正在发生的事情是这样的:用户 Alice 打开了三个选项卡，她的会话过期了.她重新登录其中一个选项卡，这会更新存储在她的会话中的真实性令牌.然后她返回到其他打开的选项卡之一并尝试提交数据，但她从我们引发的 InvalidAuthenticityToken 错误中收到了 500 错误.

I've just upgraded an app from Rails 3 to Rails 4, and I'm seeing a bunch of InvalidAuthenticityToken exceptions popping up. Digging in it looks like it is fairly common for our users to have multiple long-lived tabs open on our site. So I think what's happening is something like this: user Alice has three tabs open and her session expires. She logs back in on one of the tabs, which updates the authenticity token stored in her session. Then she returns to one of the other open tabs and tries to submit data, but she gets a 500 error from the InvalidAuthenticityToken error we raised.

为 Alice 做一些错误处理显然会很好，这样她就不会收到 500 错误.我想知道这种情况的最佳实践.什么是处理 Alice 从过期选项卡提交的好方法?我不想让当前会话过期，因为从用户的角度来看这会非常烦人(我刚刚登录，你笨蛋！").理想情况下，我只希望用户重新加载页面，这将导致表单中出现正确的真实性令牌.或者我应该做一些不同的事情，以便打开的长期标签通知会话已过期并强制重新加载?从用户的角度来看，这可能是次优的，因为他们喜欢让该页面准备好并且易于访问以继续引用，这就是他们首先将其在选项卡中保持打开状态的原因.

It would clearly be nice to do some error handling for Alice so she doesn't get a 500 error. I'm wondering about best practices for this kind of situation. What would be a nice way to handle Alice's submission from the expired tab? I don't want to expire the current session, because that would be super annoying from the user's perspective ("I just logged in, you dolt!"). Ideally, I just want the user to reload the page, which would result in the correct authenticity token being present in the form. Or should I be doing something different so that the long-lived tabs that are open notice that the session has expired and force a reload? This would probably be sub-optimal from the user's point of view, because they liked having that page ready and easily accessible to keep referencing, which is why they left it open in the tab in the first place.

推荐答案

在我的 rails 4.1.1 应用程序中，我遇到了同样的问题.我通过将此代码添加到 ApplicationController 来解决它.我在这里.

In my rails 4.1.1 app I had the same problem. I solved it by adding this code to ApplicationController. I found this solution here.

rescue_from ActionController::InvalidAuthenticityToken, with: :redirect_to_referer_or_path

def redirect_to_referer_or_path
  flash[:notice] = "Please try again."
  redirect_to request.referer
end

通过这种方式，任何继承自 ApplicationController 的控制器都将通过重定向到提交表单的页面来处理错误，并带有一条闪现消息，以向用户指示出了什么问题.请注意，这使用了 Ruby 1.9 中引入的哈希语法.对于旧版本的 Ruby，您需要使用 :with =>:redirect_to_referer_or_path

This way any controller that inherits from ApplicationController will handle the error with a redirect to the page the form was submitted from with a flash message to give the user some indication of what went wrong. Note this uses the hash syntax introduced in Ruby 1.9. For older versions of Ruby you will need to use :with => :redirect_to_referer_or_path

这篇关于在 Rails 4 中优雅地处理 InvalidAuthenticityToken 异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！