Session timeout and long forms


I’ve got a client project where visitors are expected to fill out very long forms. This is mainly for participating in awards and for signing up to events for multiple people. The forms themselves work fine, but we are getting a lot of support requests where the session timed out before a form could be submitted, as the form uses a CSRF token for security reasons.

I’m wondering, what would be the best way of dealing with that? Would it be possible to ping the server every few minutes to keep the session alive and maybe even update the hidden CSRF token field, whenever the old CSRF becomes stale?

Any help would be highly appreciated. :slight_smile:

The CSRF never times out on its own, but the session can expire as well as run into an activity timeout. So about your last question: You never need to update the CSRF token.

Regarding session expiry: Regularly pinging the server is indeed a possible solution, the Panel does this as well. Alternatively you can extend the timeout duration (default: half an hour):

1 Like

@lukasbestle Thank you very much for the clarification! :slight_smile: