My code was running fine under Rails 2.0.2. Then I enabled the db based session store by uncommenting this:
config.action_controller.session_store = :active_record_store </pre>in environment.rb. Anything that used the session after that gave me this error:
No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). </pre>If you have the same problem. Go to application.rb and uncomment the secret then restart. All better.