samhendley · May 27, 2010 13:11
diff --git a/per_action_request_forgery_protection.rb b/per_action_request_forgery_protection.rb

 # this monkey patch for Rails 2.3.5 means each action has its own token, i'm not
 # sure if this actually makes things more secure or worse.
 ActionController::RequestForgeryProtection.class_eval do
  def form_authenticity_token_with_action(*args)
    session_var_name = "_csrf_token_#{controller_name}_#{action_name}"
    session[session_var_name.to_sym] ||= ActiveSupport::SecureRandom.base64(32)
  end
  alias_method_chain :form_authenticity_token, :action
 end

	# this monkey patch for Rails 2.3.5 means each action has its own token, i'm not
	# sure if this actually makes things more secure or worse.
	ActionController::RequestForgeryProtection.class_eval do
	def form_authenticity_token_with_action(*args)
	session_var_name = "_csrf_token_#{controller_name}_#{action_name}"
	session[session_var_name.to_sym] \|\|= ActiveSupport::SecureRandom.base64(32)
	end
	alias_method_chain :form_authenticity_token, :action
	end