Simplic.IT | Blog

One Train Working

stop the intermittent InvalidAuthToken error!

I can't figure out why the Rails core team hasn't fixed this yet...

The form_authentication_token is composed of Base64 and it kills some Internet Explorer non-Browsers when the Base64 contains '=', '+' or '/' (which happens with Base64 sometimes).

The token is generated using ActiveSupport::SecureRandom. It hands out a method called base64(). And, here is the surprise, it also hands out a method called hex(). Why the core team hasn't changed the base64(32) to hex(32) some odd releases of Rails ago is beyond me.

So there is a plugin (by me) that does it for you: http://github.com/coffeeaddict/one_train_working

Finding a sound name wasn't easy, it took some reading of the almighty wikipedia, but I have found this.

Comments

they all use macs ;)

By: giggy @ 2009-12-22

If only that where true... Would make so much easier! (And less interesting ;)

By: Hartog @ 2009-12-22

Some of our customers use windows. I've never run across this problem, and the only mention of it is a comment on an old ticket for an unrelated issue (https://rails.lighthouseapp.com/projects/8994/tickets/2177).

Thanks for posting your plugin. I've recently been struggling with similar base64 issues (in cases where a random hex wouldn't make sense), so I can see why this might cause problems. I'm not sure why base64 is even used, I seem to recall using SHA hex strings when I wrote it. Patches do help move the contribution process long though.

By: rick @ 2010-01-02

I think the main reason you haven't seen is, is because the problem only occurs when the Base64 string contains chars which aren't appreciated by IE(6). This isn't always the case.

The problem is so intermittent that it is accepted as just an other minor error (thank you Microsoft!) by most users.

By: Hartog @ 2010-01-02

Want to comment?

{ Blog }

One Train Working