My code was running fine under Rails 2.0.2. Then I enabled the db based session store by uncommenting this: config.action_controller.session_store = :active_record_store </pre> in environment.rb. Anything that used the session after that gave me this error: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own…