I’m using the devise gem (1.4.2) and rails (3.0.7). I’ve got a view with some check boxes and some jquery set up such that when I check a box it does a post which is handled by one of my controllers. Unfortunately, when I do this, it signs the current user out. Is there an easy way to avoid this? Thanks!
jquery code:

    // POST to the controller whenever one of the check boxes changes
    $('.do_some_action').live('change', function(){
      $.post('/my_model/do_some_action', {param1 : param1Value})
      return false
    })
base controller:

    class AuthorizedController < ApplicationController
      before_filter :authenticate_user!
      check_authorization
      load_and_authorize_resource
      rescue_from CanCan::AccessDenied do |exception|
        flash[:error] = exception.message
        redirect_to request.referer
      end
    end
specific controller:

    class MyModelsController < AuthorizedController
      ...
      def some_action
        ...
      end
    end
-Jordan
Sounds like you aren’t passing the CSRF token in your AJAX requests.
Make sure the CSRF meta tag is being set by calling csrf_meta_tag in the HTML <head>. Then you can use the below bit of JavaScript to ensure the CSRF tag is set on any AJAX requests.

You can also disable the CSRF check for that action by adding the below in your controller, but the JavaScript alternative would be better.
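
One way to send the token from jQuery, as an added example that is not the answerer's original snippet: Rails 3.0.4 and later reset the session when a non-GET request fails the token check, which is what signs the Devise user out, so this prefilter sets the X-CSRF-Token header on same-origin, non-GET requests only. It assumes jQuery 1.5+ (for $.ajaxPrefilter); the function names are illustrative.

```javascript
// Added example: attach the Rails CSRF token to same-origin, non-GET
// jQuery AJAX requests. All function names are illustrative.

// Read the token that csrf_meta_tag renders as
// <meta name="csrf-token" content="...">.
function readCsrfToken(doc) {
  var meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Rails verifies the token on non-GET requests only, so GET needs none.
function isTokenChecked(method) {
  return String(method || 'GET').toUpperCase() !== 'GET';
}

// Never send the token to another origin: it is a per-session secret.
function shouldSendToken(options) {
  return !options.crossDomain && isTokenChecked(options.type);
}

// Register a prefilter so every matching $.ajax / $.post gets the header.
function installCsrfHeader($, doc) {
  $.ajaxPrefilter(function (options, originalOptions, xhr) {
    if (!shouldSendToken(options)) return;
    var token = readCsrfToken(doc); // read per request, not cached at load
    if (token) xhr.setRequestHeader('X-CSRF-Token', token);
  });
}

// In the browser, install once when the script loads.
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
  installCsrfHeader(jQuery, document);
}
```

With this loaded after jQuery, the `$.post` in the question needs no changes.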