设计+ Rails 3.0.4 在 AJAX 请求后结束会话
我有一个由 Ajax.InPlaceEditor
或 InPlaceCollectionEditor
生成的 AJAX 请求触发的操作,如下所示:
new Ajax.InPlaceCollectionEditor('agent_email', 'inspections/<%= @inspection.id %>/update_field',
{
collection: [<% @agents.each do |agent| %>
'<%= agent.email %>',
<% end %>],
okText: 'Update',
cancelText: 'Never mind',
savingText: 'Updating...'
});
在另一端,操作包含以下内容:
def update_field
--some code here--
if success
puts "stored change"
render :text => result
else
puts "did note change store"
render :text => inspection.errors.to_json, :status => 500
end
end
一旦任何渲染方法被调用,达到时,会话过期,下次用户发送请求时,Devise 将它们发送到登录页面。
即使我从身份验证中免除 update_field (before_filter :authenticate_user!, : except => :update_field
),会话仍然会被重置。
我查看了一个非常类似问题的答案 设计会话立即过期在 .js 上调用 [AJAX],但这并不能解决我的特定问题。
有什么想法吗?
I have an action triggered by an AJAX request generated by Ajax.InPlaceEditor
or InPlaceCollectionEditor
like this:
new Ajax.InPlaceCollectionEditor('agent_email', 'inspections/<%= @inspection.id %>/update_field',
{
collection: [<% @agents.each do |agent| %>
'<%= agent.email %>',
<% end %>],
okText: 'Update',
cancelText: 'Never mind',
savingText: 'Updating...'
});
At the other end, the action contains this:
def update_field
--some code here--
if success
puts "stored change"
render :text => result
else
puts "did note change store"
render :text => inspection.errors.to_json, :status => 500
end
end
Once any of the render methods are reached, the session expires, and next time the user send a request, Devise sends them to the logon on page.
Even though I am exempting update_field from authentication (before_filter :authenticate_user!, :except => :update_field
), the session is still getting reset.
I have looked at the answer at a very similar question at Devise session immediately expiring on .js call [AJAX], but it is not solving my particular problem.
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我通过从 http:// weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails (prototype-snippet.js):
...在我的 application.html 的 Javascript 块内。 erb:
也不要忘记
在同一文件的顶部添加:(如果还没有)。
文档“Ruby on Rails 中的 CSRF 保护绕过 ”解释了为什么这有效。
I got this to work by getting the code from http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails (prototype-snippet.js):
... within a Javascript block in my application.html.erb:
Also don't forget to add:
in the same file towards the top (if not already there).
The document "CSRF Protection Bypass in Ruby on Rails" explains why this works.