I have a view that displays list of users for a event and I have provided CRUD actions views for users view.
When superadmin tries to edit details of user, everything works fine.
but when user tries to use back button to return to its existing state, a Confirm Form Submission message displays.
And there's no error in rails console.
is there a way to solve this issue?
Confirm Form Submission Error
Related
I have a Rails 4.2 application. Several months ago we started experiencing Invalid Authenticity Token errors. I've discovered that the following scenario reproduces the error:
1) User opens up browser and visit's ourwebsite.com/log-in.
2) User opens up second tab in the same browser and visits ourwebsite.com/enroll-in-course.
3) User goes back to tab one and logs in submitting a POST form.
4) User goes to tab two and submits a POST form on the enroll-in-course page.
5) Error appears.
Here's some general information about our app:
We are using Devise 3.4.1 with zero customization applied.
Our application controller runs protect_from_forgery with: :exception.
We use Turbolinks 2.5.
We are not caching either forms.
We run Turbolinks.pagesCached(0); in our Javascript on all pages.
To reiterate, both forms in the above scenario are POST forms. They work perfectly fine except in the above scenario.
From my knowledge, we have not made any changes in handling user sessions or CSRF tokens.
I have a theory that because we log in the user, the csrf_token stored in the session changes. Thus when the user submits a form in the second tab, the token from form will not match the token in the session and an InvalidAuthenticityToken is raised. What's wrong and how do I fix this? Better yet, is this even fixable?
Ok. I have a login page. After I entered the email and password correctly and it redirects to me to the user profile. When I hit the browser back button, it also redirects to the user profile which works fine. But the problem raises when let's say if I enter the email or password wrongly, it says "email/password incorrectly", and I enter second time correctly it redirects me to the user profile, but when I hit the browser back button, the page will show "Comfirm form resubmission". This doesn't make sense.
"Confirm form re-submission" has nothing to do with Rails. This is Chrome trying to help you and/or your users.
A POST request is by definition an operation that alters data. Executing a POST a second time, unintentionally, may mess things up. Imagine paying twice for the same product.
As Rustam A. Gasanov pointed out in his comment, you really shouldn't bother much with the behavior of the back button in this case.
After we update our RoR application and user has opened form and submits his form after code is updated our RoR application says Invalid Authenticity Token and than logs out user who submitted the form.
Is there any way how to solve this and update our code without logging out our users when they have submitted form after code is updated?
I have a form that all users can fill out (both logged in and logged out users).
For logged in users, when they submit the form, they go to the confirmation page just fine.
For logged out users, when they post the form, I want them to go to the devise login page and then directly to the confirmation page.
Is that possible?
I know a lazy way is to not show the form until the user logs in, but this is a flow is a requirement (showing the form to all users regardless if they're logged in or not).
The use case:
On my website, there is a field to post a comment to an item. The field is visible even if the user is not logged in. The user types in the comment and click submit. Because he's not logged in, we redirect him to the login page. The app stored the location. When he successfully signs in, he's redirected back to the previous location, which is the url to the comment form action, but with the verb GET. I managed to avoid this redirection to the last location in this case and instead redirect the user back to the item. That sucks because the user has to enter his comment again.
For those asking: I want to display this comment field in all case to increase the engagement. Don't want to hide this feature from visitors.
My question is very similar to this one
Redirect after login results in 404 error if a user submits a form to a POST-only action and their authentication has timed out
but using Rails 3.1+
THe question is: how to save the post action (with all the parameters) and re-post it once the user successfully logged. Another issue: The post is send via ajax.
Thanks