secret given to the #protect_from_forgery call

My code was running fine under Rails 2.0.2. Then I enabled the db based session store by uncommenting this:

  config.action_controller.session_store = :active_record_store
in environment.rb.

Anything that used the session after that gave me this error:

No :secret given to the #protect_from_forgery call.  Set that or use a session store capable of generating its own keys (Cookie Session Store).

If you have the same problem.  Go to application.rb and uncomment the secret then restart.

All better.

Leave a Reply