EE 3.4.2, Forms and "This form has expired. Please refresh and try again." woes
Development and Programming
Hello World:
I am at the edge of my seat, filled with frustration of not knowing if the issue is with EE or with the form submission Add-on.
I am reaching out to those who have a working form, perhaps even mailchimp working on their EE installation.
- EE 3.4.2
- Solspace Freeform 5.0.5 (free version)
- Subscriber EE Add-on
Either Freeform or Subscriber give me an error of
“
This form has expired. Please refresh and try again.“
This leads me to believe it is an EE issue.
Any help, extremely appreciated,
Thank you.
EE has CSRF protection which means that forms expire after 2 hours.
If you’re seeing this issue right after a page loads, there are several possibilities. Some are:
- Incorrect server/EE timezone settings (very likely)
- You’re loading www.domain.com and the form is posting to domain.com
- .htaccess issue
I tried checking the three issues you mentioned Pedro:
Incorrect server/EE timezones. I tried following some pointers into this, but I have not true idea how I can verify if both are working in sync or not. Tried running a PHP I found
<?php
global $PREFS, $SESS;
echo 'Site default time zone: '.$PREFS->ini('default_site_timezone');
echo '
Server timezone: '.$PREFS->ini('server_timezone');
echo '
User timezone: '.$SESS->userdata['timezone'];
?>But this didn’t work, it gave me a {!-- ra:whatever --}
I am working with a domain without www and it seems like everything comes that way.
.htaccess issue, I am using htaccess, but everything seems to be working there, unless the mod_rewrite has to have some specific code in there.
I am totally frustrated with this issue. A simple form from solspace is not working, and I think the culprit is EE. Any other suggestion(s.)
UPDATE
The form works turning off the CSRF protection in config file.
That should not be the case.
I think it is EE settings, somewhere is not okay, because the “EE Email Contact Form” found at https://docs.expressionengine.com/latest/add-ons/email/contact_form.html also brings the frustrating message: This form has expired. Please refresh and try again.
What can be the issue? time? How can I make sure that times are okay? web is working through sessions, should it be sessions&cookies;?
$config['disable_csrf_protection'] = "y";Frustration over, after going through all of the security settings, these should be set and required:
CP Session Type: Cookies and session ID Website Session Type: Cookies only
Domain: Exact domain. This is where .htaccess might be messy
Path: Very important if you’re using a subdirectory for EE
Now everything works.