I was setting up omniauth for Github I was trying to set some session variables before the authorization. Unfortunately my session was being destroyed and my variables were gone. After digging into it a little bit I found out that its the
verify_authenticity_token method which rails requires by default or in your application controller.
All you need to do is skip the before_filter in your session controller.
class SessionsController < ApplicationController
Only do this in the session controller and even restrict to specific actions if you can. Do not skip this in your application controller though because its a security feature.
Related External Links: