weixin_33738578 2013-10-20 04:48 Acceptance rate: 0%
Views: 31

Changing the CSRF token with AJAX

So I have AJAX login/logout using Devise. If I logout with AJAX, the session is reset and I'm sitting on a stale CSRF token. To work around that issue, I thought I would generate a new token in my logout server-side code, pass it back to the client, and have the client set it in the proper place. So I return JSON like so:

return render :json => {:success => true,
                        :user_registration_path => user_registration_path,
                        :csrfToken => form_authenticity_token}

which I then handle in my ajax success handler, like so:

  logoutAuth: function(e, data, status, xhr) {
    console.log(data);
    console.log(status);
    console.log(data.csrfToken);
    $('.calendar').hide();
    $('.sign-out-button').hide();
    $('.right').append($('<li class="btn log-in-button"><a class="standout" href="#" data-reveal-id="login">Member Log in</a></li>'));
    $('.right').append($('<li class="btn sign-in-button"><a class="standout-primary" href="' + data.user_registration_path +
                         '" data-reveal-id="sign-up">Member Sign up</a></li>'));
    // reset CSRF token with new token generated after sign out -- to allow AJAX with CSRF protection
    $('meta[name="csrf-token"]').attr('content', data.csrfToken);
  }

Here's the weird part: when I see what the results of calling form_authenticity_token are on the server, I get some big ass randomly generated hash. Expected. When I console.log(data.csrfToken), what that hash should have been mapped to, I get undefined. Yet other variables in my data object are accessible. Moreover, I see the token in the XHR response in my developer tools. What's up? Also, is this the preferred way of resetting an authenticity token?
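The token flow the question describes, as an added example that is not code from the post, from Rails, Devise or jQuery: a stripped-down model of Rails' session-bound authenticity token, a logout action that resets the session and returns a fresh `form_authenticity_token` in its JSON, and a browser-side meta tag that is either left stale or refreshed from `data.csrfToken`. The `Server`, `BrowserPage` and `secure_compare` names are hypothetical scaffolding, and the token scheme is simplified (no per-request masking); the example shows why the next AJAX POST after logout fails without the refresh and succeeds with it. It does not explain why `data.csrfToken` logs as `undefined` in the post.

```ruby
# Added example, not from the original post: models why an AJAX logout that
# resets the session leaves the browser holding a stale CSRF token, and why
# returning form_authenticity_token in the logout JSON and copying it into the
# meta tag fixes the next request. Server/BrowserPage/secure_compare are
# hypothetical names; this is not Rails, Devise or jquery-ujs code.
require "securerandom"
require "json"

# Constant-time comparison so the token check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# One session on the server, modelled on Rails: the CSRF token lives in the
# session, form_authenticity_token mints it lazily, and verification compares
# the request's X-CSRF-Token header with the session copy.
class Server
  def initialize
    @session = {}
  end

  def form_authenticity_token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  def verified_request?(headers)
    secure_compare(headers["X-CSRF-Token"].to_s, @session[:_csrf_token].to_s)
  end

  # The initially rendered page carries the token in <meta name="csrf-token">.
  def render_page
    { "csrf-token" => form_authenticity_token }
  end

  # Logout: verify, reset the session (which discards the old token), then
  # hand a freshly minted token back in the JSON body, as the post does.
  def logout(headers)
    return [422, { "error" => "invalid authenticity token" }.to_json] unless verified_request?(headers)
    @session = {} # the effect reset_session has on the stored token
    [200, { "success" => true, "csrfToken" => form_authenticity_token }.to_json]
  end

  # Any later state-changing AJAX call, e.g. the AJAX login.
  def post_login(headers)
    verified_request?(headers) ? 200 : 422
  end
end

# Browser side: a meta tag whose value is read when each request is built.
class BrowserPage
  attr_accessor :meta_csrf_token

  def initialize(meta)
    @meta_csrf_token = meta["csrf-token"]
  end

  def ajax_headers
    { "X-CSRF-Token" => meta_csrf_token }
  end
end

# Scenario 1: logout, but never update the meta tag -> next POST is rejected.
def login_after_logout_without_refresh
  server = Server.new
  page = BrowserPage.new(server.render_page)
  status, _body = server.logout(page.ajax_headers)
  raise "logout should succeed" unless status == 200
  server.post_login(page.ajax_headers) # stale token from before reset_session
end

# Scenario 2: the success handler copies data.csrfToken into the meta tag,
# the $('meta[name="csrf-token"]').attr('content', ...) step from the post.
def login_after_logout_with_refresh
  server = Server.new
  page = BrowserPage.new(server.render_page)
  status, body = server.logout(page.ajax_headers)
  raise "logout should succeed" unless status == 200
  page.meta_csrf_token = JSON.parse(body)["csrfToken"]
  server.post_login(page.ajax_headers)
end

if __FILE__ == $PROGRAM_NAME
  puts "without refresh: #{login_after_logout_without_refresh}"
  puts "with refresh:    #{login_after_logout_with_refresh}"
end
```

Updating the meta tag is enough for jquery-ujs because its prefilter reads `meta[name="csrf-token"]` when each request is built rather than caching the value at page load; any hand-rolled `$.ajax` wrapper that captured the token once into a variable would still send the stale one and needs the same refresh applied to that variable.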


0 answers
