In an app we want to create an account in an SPA in addition to the usual forms.

```ruby
after_create_account do
  json_response.merge!(
    csrfToken: rails_csrf_token,
  )
end
```

This is similar to what we were doing with Devise where we returned But the token returned is not valid and the next request using this token results in an invalid token 422 error. When I get the
I am assuming the token is reset after Do you have any idea on how to get the proper token? My current alternative is to do a
As you can see, it looks like the token stored in the session is only generated during the call to the custom
I'm not able to reproduce this behaviour in the official demo app; for me the CSRF token is present in `after_create_account` and correctly returned in the response. Do you think you could create a minimal Rails app that reproduces the issue?

I thought this might be related to Rodauth clearing the whole session when logging the user in (to prevent session fixation attacks), but the user is autologged in after `after_create_account` is called.