
How to let external API send POST without turning protect_from_forgery off?


I'm using Rails 4.1.0.

I am in a project where my options are very limited. I need to have a form submit data to an external API. I stored the values of the form in the session because this application is multi-form based.

The problem is that when the API POSTs back to my Rails application, the session is nullified.

I know this happens because of protect_from_forgery in my app/controllers/application_controller.rb.

How can I keep the session just a little longer, until the API POSTs back to my confirmation page (saying the form was submitted successfully)?


Solution

  • You can turn off request forgery protection for just a single action:

    skip_before_action :verify_authenticity_token, only: :my_action_name
    

    Replace :my_action_name with the name of the action the API POSTs back to.

    Source: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#method-i-protect_from_forgery
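
Added example, not part of the original answer: once the callback action is exempt from the CSRF token check, it needs another way to tell the external API's POST from a forged one. The Ruby below assumes the API signs `"<timestamp>.<raw body>"` with a shared secret using HMAC-SHA256; `CallbackVerifier`, the header names, and the 300-second window are hypothetical, so check what the API actually provides.

```ruby
require 'openssl'

# Hypothetical helper: authenticates a callback POST on an action that skips
# verify_authenticity_token. Assumes the external API sends a hex HMAC-SHA256
# of "<timestamp>.<raw body>" keyed with a shared secret.
class CallbackVerifier
  MAX_SKEW = 300 # seconds a signed callback stays acceptable (assumed value)

  def initialize(secret, clock: -> { Time.now.to_i })
    @secret = secret
    @clock = clock
  end

  # Signature the sender is assumed to compute.
  def sign(timestamp, raw_body)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, "#{timestamp}.#{raw_body}")
  end

  def valid?(raw_body, timestamp, signature)
    return false if signature.nil? || timestamp.to_s !~ /\A\d+\z/
    # Reject stale or future-dated callbacks to limit replay.
    return false if (@clock.call - timestamp.to_i).abs > MAX_SKEW
    secure_compare(sign(timestamp, raw_body), signature.to_s)
  end

  private

  # Constant-time comparison so the check does not leak how many
  # leading characters of a guessed signature were correct.
  def secure_compare(expected, given)
    return false unless expected.bytesize == given.bytesize
    diff = 0
    expected.bytes.zip(given.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# In the controller (Rails, not runnable here), with hypothetical header names:
#   skip_before_action :verify_authenticity_token, only: :my_action_name
#   before_action :verify_callback, only: :my_action_name
#   def verify_callback
#     ok = VERIFIER.valid?(request.raw_post,
#                          request.headers['X-Callback-Timestamp'],
#                          request.headers['X-Callback-Signature'])
#     head :unauthorized unless ok
#   end
```

Sign the raw body (`request.raw_post`) rather than the parsed params, since re-serialized parameters will not reproduce the sender's bytes.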