logout current user if no valid CSRF token is present

1 parent 68ca131, commit 84467d41313b7212b91e505884236c506fb77d22; balexand committed Dec 12, 2011
Showing with 8 additions and 0 deletions.
  1. +8 −0 app/controllers/application_controller.rb
8 app/controllers/application_controller.rb
@@ -4,6 +4,14 @@ class ApplicationController < ActionController::Base
redirect_to root_url, :alert => exception.message
end
+ protected
+
+ # overrides ActionController::RequestForgeryProtection#handle_unverified_request
+ def handle_unverified_request
+ super
+ cookies.delete(:token)
+ end
+
private
def user_for_paper_trail
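
Review bot: `cookies.delete(:token)` in `handle_unverified_request` only clears the cookie when it is called with the same `:domain` and `:path` options the cookie was set with. The code that sets `:token` is not in this diff, so confirm it uses the defaults or pass the matching options here; otherwise the cookie survives the failed CSRF check. The comment above the method names what is overridden but not why `super` alone is insufficient; one line saying what `:token` holds and that it lives outside the session would make the intent clear. The commit touches only this controller, so a functional test that sends a non-GET request without a valid CSRF token and asserts that the `:token` cookie is gone afterwards would keep this from regressing.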
