My application is built using Rails 3 and I have added the csrf_meta_tag in application.html.erb.
<%= csrf_meta_tag %>
The authenticity token is changing for different users, but the token is the same for the entire session, i.e. it's not changing for each PUT & POST request.
Any idea how to fix this issue?
The authenticity token stays the same for the entire session. It does not change for every request, as a copy of the authenticity token in encrypted form is mapped in with your cookies, which is used to match against whether the authenticity token is valid or not.
Just set session[:_csrf_token] = nil
if you want it to change for every request.
Just cross-check this; I know this works, but I did it long back.
Also just check this link for more info
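
A simplified plain-Ruby model of the behaviour discussed in this thread, added here as an illustration and not taken from the posts or from the Rails source: the token is created once per session, checked against the session copy, and regenerated only after the stored value is cleared, which also invalidates any form rendered before the reset (other tabs, back button, pending AJAX calls). `CsrfModel` and `csrf_demo` are hypothetical names, the session is a plain Hash, and `:_csrf_token` mirrors the session key Rails uses.

```ruby
require 'securerandom'

# Simplified model of a session-backed CSRF token (not Rails source code).
# `session` is a plain Hash standing in for the per-user Rails session.
module CsrfModel
  KEY = :_csrf_token

  # Return the session's token, creating it only when none is stored yet.
  def self.token_for(session)
    session[KEY] ||= SecureRandom.base64(32)
  end

  # Constant-time comparison so the check does not leak matching prefixes.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # A request is accepted only if it echoes the token stored in its session.
  def self.valid?(session, submitted)
    stored = session[KEY]
    !stored.nil? && submitted.is_a?(String) && secure_compare(stored, submitted)
  end

  # Per-request rotation as suggested in the answer: drop the stored token
  # so the next call to token_for generates a fresh one.
  def self.rotate!(session)
    session[KEY] = nil
  end
end

# Runs the scenario with two constructed sessions and returns each outcome.
def csrf_demo
  alice = {}
  bob = {}
  first = CsrfModel.token_for(alice)
  result = {
    stable_in_session: CsrfModel.token_for(alice) == first,
    differs_per_user: CsrfModel.token_for(bob) != first,
    cross_session_rejected: !CsrfModel.valid?(bob, first),
    accepted_before_rotation: CsrfModel.valid?(alice, first)
  }
  CsrfModel.rotate!(alice)
  fresh = CsrfModel.token_for(alice)
  result[:old_form_rejected_after_rotation] = !CsrfModel.valid?(alice, first)
  result[:fresh_token_accepted] = CsrfModel.valid?(alice, fresh)
  result
end
```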