CSRF Error Explained.

Are you seeing this error?

CSRF token verification failed

CSRF, or Cross-Site Request Forgery, is a vulnerability very common in websites. In short, it means that if you have your site at foo.com, and an attacker at badguy.com can display a form similar to one of your site’s, and make users on his site submit the forms on your site, possibly without their knowledge.

Our software will create a CSRF token and set it in a PHP Session. This token is then passed with all form submissions to ensure that all form submissions come form your own web site, preventing cross site attacks.

So why am I seeing the error?

PHP sessions only last for a short amount of time. If you are doing extensive testing of your form, and not reloading the form page , the session could expire. When the session expires a new token is generated. This causes the error. 

Your users will generally never see this error, since they are not submitting your form over and over and over and over again.

Reloading the form page will normally resolve this issue.




Have more questions? Submit a request


  • 0
    Mike Schienle

    Thanks, Mike. I just had a client run into this filling out a form. Hopefully, they got distracted by a squirrel earlier and can complete the form more quickly this time.

    ... a few minutes later ...

    Client just followed up.

    I’m notorious for starting something and leaving it overnight. I started working on it last night and wandered away…came back to the same open page on my computer this morning. I’ll just start from scratch right now ...

    Edited by Mike Schienle
Article is closed for comments.
Powered by Zendesk