So I’m not sure if this is 100% causing it, but I was able to replicate the error:
1) Open two browser windows of the same browser type (i.e. 2 Chrome windows)
2) Go to the login page in both windows
3) Log in on one of the windows and then log out
4) Log in on the other browser window and you’ll see the error
Logging out updates the CSRF token, but if the other login page isn’t refreshed it doesn’t get the updated token. Shouldn’t Devise be handling this situation gracefully?
This is where it errors:
    def handle_unverified_request
      raise ActionController::InvalidAuthenticityToken
    end

    protect_from_forgery with: :exception
Getting rid of the with: :exception prevents the exception from being thrown and forces the login page to refresh, so I guess that solves that problem. We’ll see if that resolves the issues w/ users trying to log in during a deploy.
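
The four reproduction steps above as a stand-alone Ruby model, added here as an example and not part of the original post or of Rails/Devise code. `ToyApp`, the strategy names `:exception` and `:refresh_form`, and the cookie and user values are assumptions made for illustration; the model only contrasts raising on a stale token with re-rendering the form with the current one.

```ruby
require 'securerandom'

# Simplified model of per-session CSRF checking (not Rails or Devise internals).
class InvalidAuthenticityToken < StandardError; end

class ToyApp
  def initialize(strategy)
    @strategy = strategy # :exception or :refresh_form (hypothetical names)
    @sessions = {}       # session cookie => { csrf:, user: }
  end

  # GET /login: the token that gets embedded in the rendered form.
  def login_page(sid)
    session(sid)[:csrf]
  end

  # POST /login with the token the form was rendered with.
  def login(sid, form_token, user)
    s = session(sid)
    unless tokens_match?(s[:csrf], form_token)
      raise InvalidAuthenticityToken if @strategy == :exception
      return { status: :login_form, token: s[:csrf] } # re-render, nobody signed in
    end
    s[:user] = user
    { status: :signed_in, user: user }
  end

  # Logout replaces the session, so the token rotates (as the post describes).
  def logout(sid)
    @sessions[sid] = { csrf: SecureRandom.base64(32), user: nil }
  end

  private

  def session(sid)
    @sessions[sid] || logout(sid) # first visit: create a session with a token
  end

  # Compare without stopping at the first differing byte.
  def tokens_match?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |(x, y)| x ^ y }.zero?
  end
end

# Replays steps 1-4: both windows share one session cookie (constructed values).
def replay(strategy)
  app = ToyApp.new(strategy)
  win1 = app.login_page('cookie-1')
  win2 = app.login_page('cookie-1')    # same token as win1
  app.login('cookie-1', win1, 'alice')
  app.logout('cookie-1')               # token rotates; win2's form is now stale
  app.login('cookie-1', win2, 'alice')
rescue InvalidAuthenticityToken
  { status: :error }
end
```

`replay(:exception)` ends in the error from step 4, while `replay(:refresh_form)` returns the login form with a token that a resubmission would pass.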
I have my production and staging in Heroku.
config/environments are exact copies. However, I could replicate the error in
production but not in