Invalid Authenticity Token When Multiple Tabs Open
Added at: 2017-01-04 16:01
I have a Rails 4.2 application. Several months ago we started experiencing Invalid Authenticity Token errors. I've discovered that the following scenario reproduces the error:
1) User opens up a browser and visits ourwebsite.com/log-in.
2) User opens up a second tab in the same browser and visits ourwebsite.com/enroll-in-course.
3) User goes back to tab one and logs in, submitting a POST form.
4) User goes to tab two and submits a POST form on the enroll-in-course page.
5) Error appears.
Here's some general information about our app:
I have a theory that because we log in the user, the csrf_token stored in the session changes. Thus, when the user submits a form in the second tab, the token from the form will not match the token in the session and an InvalidAuthenticityToken is raised. What's wrong and how do I fix this? Better yet, is this even fixable?
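
A minimal model of the five steps in the question, added here as an example (not the poster's code and not Rails internals). It assumes the log-in action replaces the session, as the question's theory supposes; `ModelApp`, its methods and the user name are hypothetical.

```ruby
require "securerandom"

class InvalidAuthenticityToken < StandardError; end

# Constructed model of a session-backed CSRF check (hypothetical names).
class ModelApp
  def initialize
    @sessions = {} # session id (cookie value) => server-side session hash
  end

  # GET any form page: embed the session's CSRF token in the form.
  def get_form(cookie)
    sid = @sessions.key?(cookie) ? cookie : SecureRandom.hex(16)
    session = (@sessions[sid] ||= {})
    session[:csrf] ||= SecureRandom.base64(32)
    { cookie: sid, form_token: session[:csrf] }
  end

  # POST log-in: check the token, then replace the session (assumption).
  def log_in(cookie, form_token)
    verify!(cookie, form_token)
    @sessions.delete(cookie)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: "alice" } # new session, no CSRF token yet
    sid
  end

  # POST enroll-in-course: succeeds only with the current session's token.
  def enroll(cookie, form_token)
    verify!(cookie, form_token)
    :enrolled
  end

  private

  # Plain == keeps the model short; a real check compares in constant time.
  def verify!(cookie, form_token)
    expected = @sessions.fetch(cookie, {})[:csrf]
    raise InvalidAuthenticityToken unless expected && expected == form_token
  end
end

# Steps 1-5 from the question, then tab two reloaded before submitting.
def replay_scenario
  app = ModelApp.new
  tab1 = app.get_form(nil)                              # step 1
  tab2 = app.get_form(tab1[:cookie])                    # step 2, same cookie jar
  cookie = app.log_in(tab1[:cookie], tab1[:form_token]) # step 3
  stale = begin
    app.enroll(cookie, tab2[:form_token])               # step 4
  rescue InvalidAuthenticityToken
    :invalid_authenticity_token                         # step 5
  end
  fresh = app.get_form(cookie)
  [stale, app.enroll(cookie, fresh[:form_token])]
end
```

In this model the form rendered in tab two before the log-in carries the old session's token, so it fails against the new session, while the same form fetched again after the log-in is accepted.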