Facebook signed request lose session in Ruby on Rails (ROR)

Question: Does the session in your Ruby on Rails application lose after a user goes to a facebook tab app then facebook tab app request to your server and your server receives a signed request?

Answer: This can be happening because of the facebook app doesn’t send a csrf token in it’s token.

You can fix this by add skip_before_filter :verify_authenticity_token to the controller that facebook app’s request to or remove protect_from_forgery from application_controller.rb

 
About these ads

One Comment on “Facebook signed request lose session in Ruby on Rails (ROR)”

  1. Thanks a lot !! This saved me some time for me and my client :)


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.