I’ve got a client project where visitors are expected to fill out very long forms. This is mainly for participating in awards and for signing up to events for multiple people. The forms themselves work fine, but we are getting a lot of support requests where the session timed out before a form could be submitted, as the form uses a CSRF token for security reasons.
I’m wondering, what would be the best way of dealing with that? Would it be possible to ping the server every few minutes to keep the session alive and maybe even update the hidden CSRF token field, whenever the old CSRF becomes stale?
Any help would be highly appreciated.