CODEWITHSUNDEEP
expressionengine
Gio
Gio

Reputation: 165

Expression engine: This form has expired. Please refresh and try again

I've got a problem with the contact form in Expression Engine. I'm using the code from the docs but after submitting I'm getting this error : 

This form has expired. Please refresh and try again.

My code: 

{exp:email:contact_form user_recipients="no" recipients="[email protected]" charset="utf-8"}
    <h2>Support Form</h2>
    <p>
            <label for="from">Your Email:</label><br />
            <input type="text" id="from" name="from" size="40" maxlength="35" value="{member_email}" />
    </p>
    <p>
            <label for="subject">Subject:</label><br />
            <input type="text" id="subject" name="subject" size="40" value="Contact Form" />
    </p>
    <p>
            <label for="message">Message:</label><br />
            <textarea id="message" name="message" rows="18" cols="40">
                    Support Email from: {member_name}
                    Sent at:  {current_time format="%Y %m %d"}
            </textarea>
    </p>
    <p>
            <input name="submit" type='submit' value='Submit Form' />
    </p>
{/exp:email:contact_form}

I'm using Expression Engine 2.8.0. Thanks guys!

Upvotes: 3

Views: 5966

Answers (4)

Jim
Jim

Reputation: 1

I was having this problem only in Chrome and not in Firefox or Safari. I dug into the PHP and realized that it failed this check in Csrf.php:

// Fetch data, these methods enforce token time limits
    $this->fetch_session_token();
    $this->fetch_request_token();
// Main check
    if ($this->request_token === $this->session_token)
    {
        return TRUE;
    }

Then I realized that I had set Chrome to block cookies. I set it so Chrome would allow cookies and I am no longer getting that error message.

Upvotes: 0

Pete Smith
Pete Smith

Reputation: 33

For us, adding this to the config.php 'fixed' the problem (more like, put a bandaid on it since it's not an ideal situation)

$config[‘disable_csrf_protection’] = “y”;

Upvotes: 3

Ward Smith
Ward Smith

Reputation: 91

EE requires an XID to be in the form. There is a global variable you can use to generate an XID hash:

<input type="hidden" name="XID" value="{XID_HASH}" />

http://ellislab.com/blog/entry/putting-the-secure-in-secure-mode-forms

Upvotes: 9

JamesNZ
JamesNZ

Reputation: 512

I think that's a problem with the secure forms XID hash. You can only submit a form once while using "secure forms" (to stop spammers hijacking them).

A quick way of disabling it is to open system/expressionengine/config/config.php and add this down the bottom to disable it. See if that makes a difference for you.

$config["secure_forms"] = "n";

Obviously using secure forms is preferable though.

Upvotes: -1

Related Questions