No Secret Given to the protect from forgery call

johnmuhl edited this page Aug 24, 2010 · 2 revisions
Clone this wiki locally


When upgrading from pre-0.6.8, if you get this error on the login screen:

No :secret given to the #protect_from_forgery call.  Set that or use a session store capable of generating its own keys (Cookie Session Store).

The Solution

If you haven’t run rake production db:migrate, you’ll have to do so first. Open environment.rb and change:

config.action_controller.session_store = :active_record_store


config.action_controller.session_store = :cookie_store

When you get a CGI::Session::CookieStore::TamperedWithCookie error afterwards, simply clear your cookies and reload the page.