I am changing the value in session in an api controller, but it doesn't reflect next time the value of that variable in session is fetched. Here is the api-controller...

module Api
    module V0
        class RecommendationsApiController < ApplicationController

           def x
              r1 = session[:last_id]
              r2 = some_function(r1)
              session[:last_id] = r2 
              #doesn't reflect in the session next time this same function is called, and the old value is shown
              #though checking the value of session at this point shows the right value been set in the @delegate part of the session

           end
        end
    end
end

this is the session_store.rb

Application.config.session_store :cookie_store, key: '_session_name'

application_controller.rb

  protect_from_forgery

  after_filter :set_csrf_cookie_for_ng

  def set_csrf_cookie_for_ng
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end

  protected

  def verified_request?
    super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
  end

this is websiteApp.run function.

var csrf_token = $cookies['XSRF-TOKEN'];
$http.defaults.headers.common['X-XSRF-TOKEN'] = csrf_token;

I tried to set the token inside config, but the config block doesn't have $cookies, so I tried to set the headers inside run.

Please help out.

  • Have you looked at the cookie in your browser to see whether the value is actually getting to the browser? That'll tell you whether the problem is the cookie not being set, or the cookie not being read. There are posts out there on how to decrypt session cookies. (Commented Sep 11, 2014 at 2:54)

1 Answer

Did you turn off CSRF validation for that action? If not, what's probably happening is that Rails is clearing the session for security reasons. You should only deactivate it for specific actions:

protect_from_forgery :except => :my_action

or in this case

protect_from_forgery :except => :x

5 Comments

I didn't turn it off. I have added the application_controller.rb to the question. What else can be the issue?
I would get rid of the after filter in the application controller (if it's not useful for its purpose), and in the RecommendationsApiController add the following line: 'skip_before_filter :verify_authenticity_token, :only => [:x]'
Removing after_filter and adding skip_before_filter in RecommendationApiController does no good. Though this is the reason why I had to add these lines stackoverflow.com/questions/7600347/….. What else can I do?
Are you using AngularJS (is AngularJS making the API request)?
Yes I am making an api request using angularjs.
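
An added illustration of the behaviour the answer describes (not code from the thread or from Rails itself): a simplified Ruby model, assuming an unverified request is handed an empty throwaway session whose writes never reach the cookie. `TinySessionApp`, `run_requests`, the `+ 1` stand-in for `some_function` and the sample values are all hypothetical.

```ruby
require 'securerandom'

# Simplified model (assumption, not Rails code): the hash passed as `cookie`
# stands in for the browser's session cookie. A non-GET request whose
# X-XSRF-TOKEN header does not match the session's token is "unverified".
class TinySessionApp
  SAFE_METHODS = %w[GET HEAD].freeze

  # Returns [response_body, cookie_the_browser_ends_up_with].
  def call(http_method, cookie, headers = {})
    stored = cookie.dup
    stored['_csrf_token'] ||= SecureRandom.base64(32)
    verified = SAFE_METHODS.include?(http_method) ||
               headers['X-XSRF-TOKEN'] == stored['_csrf_token']

    session = verified ? stored : {}      # unverified: empty session
    body = action_x(session)
    [body, verified ? session : stored]   # unverified: writes are discarded
  end

  private

  # Stand-in for the question's action `x`; some_function is modelled as +1.
  def action_x(session)
    r1 = session['last_id'] || 0
    session['last_id'] = r1 + 1
    { 'seen' => r1, 'stored' => session['last_id'] }
  end
end

# Constructed client: replays the cookie on every POST and optionally sends
# the CSRF header, as the AngularJS run block in the question is meant to do.
def run_requests(send_header:, count: 3)
  app = TinySessionApp.new
  cookie = { '_csrf_token' => SecureRandom.base64(32), 'last_id' => 10 }
  seen = Array.new(count) do
    headers = send_header ? { 'X-XSRF-TOKEN' => cookie['_csrf_token'] } : {}
    body, cookie = app.call('POST', cookie, headers)
    body['seen']
  end
  [seen, cookie['last_id']]   # values the action read, value left in cookie
end

p run_requests(send_header: true)
p run_requests(send_header: false)
```

Inside the unverified request the action still appears to set `last_id`, but the cookie keeps its old value, which is why checking that the header actually reaches the server is the first thing to verify.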
