"Destroy record" call deletes session

[Sumit Srivastava]

Hi,

I have been trying to develop a sample app to create user logins and provide them personalized contact list with several features as of view, delete, edit, send mail, etc. Everything is working fine except the destroy action. Every time I call it, the session[:user] variable is destroyed, thus logging out the user.

Code for destroy is,

def destroy
    @contact = Contact.find(params[:id])
    @contact.destroy

    respond_to do |format|
      format.html { redirect_to contacts_url }
      format.js
    end
  end

contacts_url is path to the action which lists contacts for the user if session[:user] is valid else it logs out.

Am not able to find the problem. Have been struggling for a day.

[Sumit Srivastava]

I could solve the problem by removing the line,

protect_from_forgery

 from the ApplicationController but I am not sure if this is the correct approach. I tried adding the line <%= include_javascripts_tag :defaults %>
 but it didn't help . It says default.js doesn't exist.

What else could be the solution?

[Colin Law]

Put some debug code in to find exactly which line clears the session variable.
See the Rails Guide on Debugging for help with how to do this. I
rather suspect it is not the destroy action itself that is doing it.

Colin