This is something that I’ve discovered as I was building hushyhushy. After I upgraded to Rails 2, I began using authenticity tokens. So far so good. But in the course of testing the app, I would encounter the infamous ‘InvalidAuthenticityToken Error’. That’s weird! It usually happened in the middle of testing the app, and after some time too. It means that my authentication token was working fine, but somehow or rather it just failed in mid air. Then I realised the reason after some investigation.

The reason is that my session expired. The session id changed. The authentication token is tied to the session id. So it became invalid. I did set my sessions to expire. I hope this helps for those who encountered the same problems as me.

The obvious solutions that I can think of is:

• prevent the session from expiring
• lengthen the session expiration time
• reset the authentication token

Here’s how you would set the session expiration time in config/environment.rb

1

 ActionController::Base.session_options[:session_expires] = 10.minutes.from_now

The best solution is to reset the authentication token. I tried doing that with form_authentication_token(), but I wasn’t too successful. I’ll try again and update this post if I am successful.