Session timeout and long forms

fabianmichael · May 17, 2022, 1:20pm

Hi,

I’ve got a client project where visitors are expected to fill out very long forms. This is mainly for participating in awards and for signing up to events for multiple people. The forms themselves work fine, but we are getting a lot of support requests where the session timed out before a form could be submitted, as the form uses a CSRF token for security reasons.

I’m wondering, what would be the best way of dealing with that? Would it be possible to ping the server every few minutes to keep the session alive and maybe even update the hidden CSRF token field, whenever the old CSRF becomes stale?

Any help would be highly appreciated.

lukasbestle · May 17, 2022, 7:02pm

The CSRF never times out on its own, but the session can expire as well as run into an activity timeout. So about your last question: You never need to update the CSRF token.

Regarding session expiry: Regularly pinging the server is indeed a possible solution, the Panel does this as well. Alternatively you can extend the timeout duration (default: half an hour):

fabianmichael · June 7, 2022, 3:36pm

@lukasbestle Thank you very much for the clarification!

Topic		Replies	Views
Session timeout when submitting a form Questions 🤔	1	516	June 14, 2019
Request long session for frontend login Solved ✅	6	490	June 12, 2020
Long sessions for Kirby 2 Solved ✅	4	496	February 1, 2020
Restart User Session, reset session timeout Solved ✅	2	1239	March 9, 2018
Login session lifetime extending for the frontend Solved ✅	7	3564	June 15, 2016

Session timeout and long forms

Related Topics