diff options
Diffstat (limited to 'guides')
-rw-r--r-- | guides/source/security.md | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 15b28664b7..a901589e4f 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -250,9 +250,8 @@ This will automatically include a security token in all forms and Ajax requests It is common to use persistent cookies to store user information, with `cookies.permanent` for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself: ```ruby -def handle_unverified_request - super - sign_out_user # Example method that will destroy the user cookies. +rescue_from ActionController::InvalidAuthenticityToken do |exception| + sign_out_user # Example method that will destroy the user cookies end ``` |