ActionController::InvalidAuthenticityToken

[Radzhab]

ps sorry for my english

When u try auth - server rise error

Started GET "/users/sign_in" for 127.0.0.1 at 2017-08-03 14:17:57 +0300
Processing by Devise::SessionsController#new as HTML
  Rendering users/sessions/new.html.erb within layouts/application
  Rendered users/shared/_links.html.erb (1.9ms)
  Rendered users/sessions/new.html.erb within layouts/application (7.4ms)
  Rendered shared/_yandex_metrics.html.erb (0.3ms)
  Rendered shared/_top-bar.html.erb (0.7ms)
  Rendered shared/_main-header.html.erb (1.7ms)
  �[1m�[36mRubric Load (0.3ms)�[0m  �[1m�[34mSELECT "rubrics".* FROM "rubrics"�[0m
  �[1m�[36mAlim Load (0.3ms)�[0m  �[1m�[34mSELECT "alims".* FROM "alims"�[0m
  Rendered shared/_nav_new.html.erb (7.2ms)
  Rendered shared/_footer.html.erb (1.3ms)
Completed 200 OK in 137ms (Views: 109.4ms | ActiveRecord: 3.9ms)
 
 
Started POST "/users/sign_in" for 127.0.0.1 at 2017-08-03 14:18:02 +0300
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"mloexfy8li2dGoMwbjMEKTQ4xQMGVL5XMj+9nK/qzZnnhfwQwXNDtBnsiKvDI0CyEt83c1F+aKw2JFa16EMIgA==", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
 
 
 
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

My settings

Devise.setup do |config|
  config.secret_key = '7a50245c9bed8291faa4830e0f49cf7e7e1984a86f32054d82055fbc37a776a6f0224ba23486f25043c16a40d4375420705640c8d0c22800f732f9f9ff479d3a'

  config.mailer_sender = '[email protected]'
  config.scoped_views = true
  require 'devise/orm/active_record'
  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]
  config.skip_session_storage = [:http_auth]
  config.stretches = Rails.env.test? ? 1 : 11
  config.reconfirmable = true
  config.expire_all_remember_me_on_sign_out = true
  config.password_length = 6..128
  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
  config.reset_password_within = 6.hours
  config.sign_out_via = :delete
end

rails 5.0.2
ruby 2.3.3

[leonardoprg]

Hello @Radzhab are you able to use this script to reproduce the error?

https://github.com/plataformatec/devise/blob/master/guides/bug_report_templates/integration_test.rb

Thanks

[dsozdanoski]

I'm having the same issues on Chrome Version 61.0.3163.79 (Official Build) (64-bit). It's working on other browsers but it seems that the session cookie is not stored in the latest version.
ActionController::InvalidAuthenticityToken in Devise::SessionsController#create
Chrome reports an error in !DOCTYPE html
Clear-Site-Data header on 'http://localhost:3000/admins/sign_in': Unrecognized type: {"types":["cache".
Clear-Site-Data header on 'http://localhost:3000/admins/sign_in': Unrecognized type: "executionContexts"]}.
Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)

[leonardoprg]

Yes, I had it as well,

but only in development, I think it's a problem related to spring,

when happens, try spring stop, restart the server.
it works for me.

[dsozdanoski]

Turns out to be Secure Headers issue. Has nothing to do with Devise or Rails cookies.

[rafaelfranca]

Thanks, in that case I'm closing this issue

[mittalyashu]

Hey, @leonardoprg. Can you tell what is this spring about?

I am facing the same issue of ActionController::InvalidAuthenticityToken, but it is not working for me.