-
Holger Just authored
Since Rails 2.3.11, protect_from_forgery exclusively calls handle_unverified_request which defaults to resetting the session. The old code to handle an invalid CSRF token is not used anymore and is thus removed to un-confuse people.
724bd484