I’m currently deploying redmine for a customer, and today we ran into a strange issue.
People were able to login, but for certain operations some of them get an “Invalid form authenticity token” error. Moreover redmine was setting more that one cookie with different values and paths in firefox. After some time I figure out that RAILS_RELATIVE_URL_ROOT was set in the apache configuration but was empty. It looks like firefox and IE behave differently if the path of the cookie is empty, firefox considers that the path is the current directory and IE thinks it’s ‘/’ Now everything seems working.
I will try to blog a little more about what I’m doing at work