In my Rails project I have a CRUD for Users. When I am in the edit view in two different browsers, I update one user with modified values, and in the other browser I can still update the user without knowing that it has been modified.
How can I avoid this behaviour? With the CSRF token in the form?
Thank you so much
A greeting!
I don’t think the CSRF token is what you want. One way would be to hash the properties that the form can change and render that hash to the form in a hidden field. (See http://www.ruby-doc.org/stdlib-1.9.3/libdoc/digest/rdoc/Digest.html for generating a hash.) When the form is submitted and before you’ve updated the model’s properties from the form, compare the hash submitted by the form with a hash of the same properties in the model you’re about to update. If they match, that means the model hasn’t changed since the form was rendered.
A less convoluted approach would be to do roughly the same thing only via the updated_at timestamp of the model.
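
The check described in the answer above, as an added example that is not part of the original thread: a plain-Ruby sketch of both the property-hash token and the `updated_at` token. The `User` struct, the in-memory `store` and all method names are assumptions standing in for a Rails model and controller.

```ruby
require "digest"

# Constructed stand-in for an ActiveRecord model (hypothetical, not from the thread).
User = Struct.new(:id, :name, :email, :updated_at)
class StaleFormError < StandardError; end

EDITABLE = %i[name email].freeze # the properties the form can change

# Variant 1: hash of the editable properties.
def attributes_token(user)
  payload = EDITABLE.map do |attr|
    value = user[attr].to_s
    "#{attr}:#{value.bytesize}:#{value}" # length prefix keeps field boundaries unambiguous
  end
  Digest::SHA256.hexdigest(payload.join("|"))
end

# Variant 2: token derived from the updated_at timestamp.
def timestamp_token(user)
  user.updated_at.utc.strftime("%Y%m%d%H%M%S%N")
end

# Rendering the edit view: the token goes into a hidden field next to the inputs.
def render_edit_form(user, token_fn)
  { "name" => user.name, "email" => user.email, "token" => token_fn.call(user) }
end

# Handling the submit: compare tokens BEFORE assigning anything from the form.
# In a real application the check and the write must share one transaction or row lock.
def update_user(store, id, params, token_fn, now: Time.now)
  user = store.fetch(id)
  unless token_fn.call(user) == params["token"]
    raise StaleFormError, "user #{id} changed since this form was rendered"
  end
  EDITABLE.each { |attr| user[attr] = params[attr.to_s] if params.key?(attr.to_s) }
  user.updated_at = now
  user
end

if __FILE__ == $PROGRAM_NAME
  t0 = Time.utc(2024, 1, 1, 12, 0, 0) # constructed sample data
  store = { 1 => User.new(1, "Ann", "ann@example.test", t0) }
  fn = method(:attributes_token)
  browser_a = render_edit_form(store[1], fn)
  browser_b = render_edit_form(store[1], fn)
  update_user(store, 1, browser_a.merge("name" => "Anna"), fn, now: t0 + 60)
  begin
    update_user(store, 1, browser_b.merge("email" => "b@example.test"), fn, now: t0 + 120)
  rescue StaleFormError => e
    puts "second browser rejected: #{e.message}"
  end
end
```

Rails ships the same pattern as optimistic locking: with an integer `lock_version` column on the table and that value carried in the form as a hidden field, a stale save raises `ActiveRecord::StaleObjectError`.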