Session Not Persisting Through OAuth Or OmniAuth Callback In Rails

Posted by Weston Ganger on November 09, 2015

I was setting up omniauth for Github I was trying to set some session variables before the authorization. Unfortunately my session was being destroyed and my variables were gone. After digging into it a little bit I found out that its the verify_authenticity_token method which rails requires by default or in your application controller.

All you need to do is skip the before_filter in your session controller.

# app/controllers/session_controller.rb

class SessionsController < ApplicationController
  skip_before_filter :verifify_authenticity_token
  # ...

Only do this in the session controller and even restrict to specific actions if you can. Do not skip this in your application controller though because its a security feature.

Related External Links:

Posted in Rails and Tagged with session rails omniauth oauth 

Need help on your next project or application?

I specialize in Ruby-on-Rails, AngularJS, Javascript, Bootstrap, and Hybrid Mobile Apps with Cordova & Ionic.

Contact Me

Recommended Posts