Reputation: 1271
Does anyone know how the authenticity_token of Rails 3 is generated? I noticed that the value of the token of a form does not change when I refresh the form page. How is it generated? Based on the session cookie? On time? secret_key?
Upvotes: 2
Views: 1140
Reputation: 5052
The AuthenticityToken is basically a call to ActiveSupport::SecureRandom.base64(32), which you can read about here: http://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html
Edit - Updated to include more recent changes, as per Lambart's answer below.
In Rails >= 3.1, ActiveSupport::SecureRandom is deprecated in favor of SecureRandom from the Ruby standard library (starting with Ruby 1.9.3, it seems).
However it is generated, this token is stored in the session (i.e. it lasts for the lifetime of the session).
Thanks Lambart.
Upvotes: 6
Reputation: 2096
In Rails < 3.09, the AuthenticityToken is generated by a call to ActiveSupport::SecureRandom.base64(32), which you can read about here.
In Rails >= 3.1, ActiveSupport::SecureRandom is deprecated in favor of SecureRandom from the Ruby standard library (starting with Ruby 1.9.3, it seems).
However it is generated, this token is stored in the session (i.e. it lasts for the lifetime of the session).
Upvotes: 0
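The behaviour the answers above describe, as an added Ruby sketch (not part of either answer and not Rails's own code): the token is random, created once per session, and then reused, which is why refreshing the form shows the same value. A plain Hash stands in for the session, and the names `csrf_token_for`, `verified_request?` and the `:_csrf_token` key are assumptions of this sketch.

```ruby
require 'securerandom'

# Assumed session key for this sketch; a plain Hash stands in for the session.
SESSION_KEY = :_csrf_token

# Return the session's token, generating it only on first use.
# Not derived from time, the cookie value, or the app secret: it is 32
# random bytes, base64-encoded, remembered for the session's lifetime.
def csrf_token_for(session)
  session[SESSION_KEY] ||= SecureRandom.base64(32)
end

# Compare two strings without exiting early on the first differing byte,
# so response timing does not reveal how much of a guess was correct.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server-side check of a submitted form token against the session's token.
def verified_request?(session, submitted)
  expected = session[SESSION_KEY]
  return false if expected.nil? || !submitted.is_a?(String)
  constant_time_equal?(expected, submitted)
end

if __FILE__ == $PROGRAM_NAME
  session = {}                          # constructed sample session
  first   = csrf_token_for(session)     # first render of the form
  refresh = csrf_token_for(session)     # page refresh, same session
  puts "same token after refresh: #{first == refresh}"

  other = {}                            # a different visitor's session
  puts "other session differs:    #{csrf_token_for(other) != first}"

  puts "own token accepted:       #{verified_request?(session, first)}"
  puts "foreign token rejected:   #{!verified_request?(other, first)}"
end
```

Because the value lives in the session, resetting the session (for example at login or logout) is what rotates the token.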