class ActionController::RequestForgeryProtection::ProtectionMethods::NullSession

def handle_unverified_request

This is the method that defines the application behavior when a request is found to be unverified. 
def handle_unverified_request
  request = @controller.request
  request.session = NullSessionHash.new(request)
  request.flash = nil
  request.session_options = { skip: true }
  request.cookie_jar = NullCookieJar.build(request, {})
end

def initialize(controller) 

def initialize(controller)
  @controller = controller
end