Defect #17588

Warn that the authenticity token is invalid before you get the textarea to edit issues

Added by Pablo Yanez Trujillo about 8 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Resolution: Affected version:


I've tried to do a google search about that but I wasn't able to find anything useful. I don't know whether this should be counted as a bug or as a feature.

My problem is that I save the tabs in my browser, so when I close my browser and open it again, the last open tabs are displayed. However, Opera does not make a GET request to the sites in the tabs but displays the contents as they were before closing the browser (probaly it renders them from its cache).

Anyway, the redmine site of my company has been configured so that you have to log in before you
can edit issues. It happens to me quite often that when I start my working day, and start working on the issues I've got, I lose track of the time spending on the individual issues and after working on them, opening and closing new tabs, I come across a tab with an issue of a past session (like the day before).

Here I've forgotten to press F5 to get a new authenticity token. Then I happily click on Update to update the status of the issue and start editing the issue. After a couple of minutes I click on Submit and get a nasty surprise:


Invalid form authenticity token.

If you go back (by pressing the backspace-key or clicking on the back-button of the browser) then you realize that you've lost everything, since the Update-Link executes

showAndScrollTo("update", "issue_notes"); return false;

and even if you execute it again, the form fields are all empty again :(

On some occasions I've lost more than 30 minutes of typing... that's very frustrating, specially when you are in a hurry and need to type everything again.

So, wouldn't it make more sense that when you click on Update instead of getting the textarea right away, you get first an error message/warning that your csrf token is invalid thus preventing you from wasting you time in the first place?

The version of redmine my company is running

  Redmine version                2.4.1.stable
  Ruby version                   1.9.3-p194 (2012-04-20) [x86_64-linux]
  Rails version                  3.2.15
  Environment                    production
  Database adapter               Mysql2
  Subversion                     1.6.17
Redmine plugins:
  redmine_favorite_projects      1.0.1
  redmine_startpage              0.1.0
  redmine_theme_changer          0.1.0

Also available in: Atom PDF