---
title: Built-In XSS Protection in Rails will Confuse You
teaser: A workaround for running multiple Rails apps on a single machine.
tags: web,rails
author: Matt Jankowski
published_on: 2005-12-14
---

If you do Rails development of multiple applications simultaneously on a machine
that you access with one hostname – but using different ports for the different
applications – you might end up with a problem.

The problem will be that you'll have a cookie set in your browser which ties you
into a session for one of the applications, and then you'll try to hit the
second application, and you'll get an empty screen and a 403 error in the logs,
with little else to go on.

This is a little-documented built-in defense against cross site scripting, but
you won't know that when you keep getting empty screens back from your otherwise
correct application.

You can solve this by either deleting your cookies for that domain/host, or by
deleting the session store for the applications.