Recently we had an issue where a client was unable to access his CMS. He was receiving an error ‘422 The change you wanted was rejected’. This was the production pretty message, caused by an InvalidAuthenticityToken error. After much debugging, trying to turn off authenticity token filtering and removing before filters I took a stab in the dark.
The problem was that the site was on a sub-domain with an underscore in the name abcd_efgh.demosite.com. While all other browsers behaved perfectly, Internet Explorer 7 (and I believe 6 as well) had a tantrum and wouldn’t accept cookies. The solution was to change the site’s underscore to a hypen, making it abcd-efgh.demosite.com. Hope someone out there saves time time and hair with this one.