If you’ve changed your Ruby on Rails application on Rails 2.x to use database sessions instead of the standard cookie sessions, you’ll most probably encounter the following error:

No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).

To get around this is painlessly simple, yet one of those little things that hides away where you might not first think.  To fix the error, simply go to your /app/controllers/application.rb file, and uncomment the commented text on the ”protect_from_forgery” line.

Restart your server, and all should be well!