In Rails I have added a couple of rescue_from handlers in the ApplicationController. They work fine, except that it looks like the session gets lost, because the next request is always redirected to the login page.

ApplicationController:

  rescue_from ActiveRecord::RecordNotFound, :with => :handle_record_not_found
  rescue_from ActiveRecord::RecordInvalid, :with => :handle_record_invalid
  rescue_from ApplicationSecurityError, :with => :handle_security_error
  rescue_from ApplicationError, :with => :handle_application_error

One of the handlers:

def handle_application_error(error)
  logger.warn "#{error.class} #{error.user_safe_message} #{error.debug_info}, user #{@current_user.id}"
  render :json => {:errors => {:base => error.user_safe_message}, :status => :ok}
end

Is there a way to use these handlers without losing the session? I checked in Firebug and it's definitely server side, because jQuery gets a different cookie from that erroneous request, which is shorter than the previous one, so I think I do lose the session.

jbasko
  • You may need to be a bit more specific. Under what circumstances do you see the problem? If it's an Ajax request, are you including the CSRF token? – Dave Newton Sep 11 '11 at 20:23
  • Yes, that was the problem. I was not including them. I did POST requests with _method:'put' specified to update an object. There was a mention of jQuery.ajax before I edited my question. Oops. – jbasko Sep 11 '11 at 20:29

1 Answer

Ok, so I did another try on SO search and found "Rails 3 user session gets destroyed while calling create from backbone collection",

which pointed to protect_from_forgery, which took me to "My jquery AJAX POST requests works without sending an Authenticity Token (Rails)".

To fix the problem I just added the forgery protection parameters to all my AJAX requests.

var _auth_token_name = '<%= request_forgery_protection_token %>';
var _auth_token = '<%= form_authenticity_token %>';

The request body construction (which I use to call $.ajax) starts with this:

var data = {};
data[_auth_token_name] = _auth_token;
jbasko
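A variant of the fix in the answer above, as an added example that is not part of the original post: instead of putting the token into each request body, it sends it in the X-CSRF-Token header for every state-changing, same-origin request and never for foreign origins. It assumes jQuery, a layout that renders the token into a `<meta name="csrf-token">` tag (Rails' csrf_meta_tag helper), and a Rails version that accepts that header; `csrfHeaders` and `isSameOrigin` are hypothetical helper names.

```javascript
// Added example (not the answer author's code).
// Methods Rails does not CSRF-check; no token is needed for these.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// True when `url` resolves to the page's own origin (relative URLs always do).
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign and send no token
  }
}

// Returns a copy of `headers`, with X-CSRF-Token added only when the request
// changes state AND stays on our origin, so the token never leaks elsewhere.
// A POST carrying _method: 'put' (as in the question) is still a POST here.
function csrfHeaders(method, url, pageOrigin, token, headers = {}) {
  const verb = String(method || 'GET').toUpperCase();
  if (!token || SAFE_METHODS.has(verb) || !isSameOrigin(url, pageOrigin)) {
    return { ...headers };
  }
  return { ...headers, 'X-CSRF-Token': token };
}

// Browser wiring: runs once, then covers every $.ajax call on the page.
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
  jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    const meta = document.querySelector('meta[name="csrf-token"]');
    const extra = csrfHeaders(options.type, options.url, window.location.origin,
                              meta && meta.getAttribute('content'));
    Object.keys(extra).forEach((name) => jqXHR.setRequestHeader(name, extra[name]));
  });
}
```

With the prefilter in place, a request that reaches a rescue_from handler has already passed the forgery check, so the session cookie is left as it was.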