设计会话在 .js 调用时立即过期 [AJAX] [英] Devise session immediately expiring on .js call [AJAX]
问题描述
经过多次反复试验,我已将问题缩小到下面的第 5 行.出于某种原因,.js 响应正在结束用户会话.使用 3.0.4 并设计 1.1.7(和 jQuery 1.5).
Through much trial and error, I have narrowed the problem down to line 5 below. For some reason, the .js response is ending the user session. Using 3.0.4 and devise 1.1.7 (and jQuery 1.5).
此外,@organization 正在更新并且日志中显示 Completed 200 OK,因此用户不知道他/她在尝试下一个操作之前已注销.
Additionally, @organization is being updated and Completed 200 OK shows in the log, so the user does no know he/she is logged out until the next action is attempted.
非常感谢任何帮助和指导.
Any help and guidance is greatly appreciated.
*Controller*
1 def make_featured
2 @organization = Organization.find(params[:id])
3 @organization.is_featured ? @organization.update_attribute(:is_featured,"false") : @organization.update_attribute(:is_featured,"true")
4 respond_to do |format|
5 format.js {render :action => "update", :layout => false}
6 end
7 end
和
*update.js.haml*
$("#organization_" + "#{@organization.id}" ).replaceWith("#{ escape_javascript(render :partial => 'users/supplier_view', :locals => {:organization => @organization}) }");
推荐答案
非常感谢 Devise Google Group 的 Brandon Martin 为我指明了正确的方向...
Many thanks to Brandon Martin from the Devise Google Group for pointing me int he right direction...
这是 Rails 3.0.4 安全修复的结果.
This is a result of a Rails 3.0.4 security fix.
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
从这篇博文开始工作一个小时左右后,这里有一些给其他人的提示......
After an hour or so of working forward from this blog post, here are some tips for others...
- 这已在 rails.js 中得到修复 - 因此您无需修改、修补或重新发明轮子.
- 如果您使用的是开箱即用的 rails.js,请更新它 -
rake rails:update(我认为,但我使用自定义的 rails.js 文件) - 如果您使用自定义 rails.js 文件,请在此处获取最新版本的源代码:https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
- 将您的
csrf_meta_tag助手放在您的javascript_include_tags 上方
- This has been fixed in rails.js - so you don't have to hack, patch, or reinvent the wheel.
- If you are using rails.js out of the box, update it -
rake rails:update(I think, but I use a customized rails.js file) - If you are using a custom rails.js file, go get the source code to the newest version here: https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
- place your
csrf_meta_taghelper above yourjavascript_include_tags
希望有帮助!
这篇关于设计会话在 .js 调用时立即过期 [AJAX]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
