CSRF Error Explained.

Are you seeing this error?

CSRF token verification failed

CSRF, or Cross-Site Request Forgery, is a very common vulnerability in websites. In short, if your site is at foo.com, an attacker at badguy.com can display a form similar to one of your site's and make users on his site submit it to your site, possibly without their knowledge.

Our software creates a CSRF token and stores it in a PHP session. This token is then passed with all form submissions to ensure that they come from your own web site, preventing cross-site attacks.

So why am I seeing the error?

PHP sessions only last for a short amount of time. If you are doing extensive testing of your form and not reloading the form page, the session could expire. When the session expires, a new token is generated, so the token in the form you still have open no longer matches. This causes the error.

Your users will generally never see this error, since they are not submitting your form over and over and over and over again.

Reloading the form page will normally resolve this issue.
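
The following PHP script is an added illustration of the mechanism described above, not our software's actual code. It models the session as a plain array so it runs from the command line; the function names, the 1440-second lifetime and the timestamps are assumptions made for the example.

```php
<?php
// Added illustration, not the product's code. The PHP session is modelled
// as an array so the expiry case can be reproduced without a web server.
const SESSION_LIFETIME = 1440; // seconds; assumed (PHP's default session.gc_maxlifetime)

// Rendering the form page: if the session is missing or expired, start a new
// one with a fresh random token. Returns the token for the hidden form field.
function render_form_token(array &$session, int $now): string
{
    if (!isset($session['started']) || $now - $session['started'] > SESSION_LIFETIME) {
        $session = ['started' => $now, 'csrf_token' => bin2hex(random_bytes(32))];
    }
    return $session['csrf_token'];
}

// Handling a submission: an expired session is replaced first (new token),
// then the posted token is compared in constant time with the session's token.
function verify_submission(array &$session, string $posted, int $now): bool
{
    render_form_token($session, $now);
    return hash_equals($session['csrf_token'], $posted);
}

function report(string $label, bool $ok): void
{
    printf("%-42s %s\n", $label, $ok ? 'accepted' : 'CSRF token verification failed');
}

$session = [];
$t0 = 1700000000; // constructed timestamp

// The form page is loaded once and its token is kept in the open page.
$formToken = render_form_token($session, $t0);

// Submitted one minute after the page was loaded.
report('submit from fresh form page', verify_submission($session, $formToken, $t0 + 60));

// A form hosted on another site cannot read the token, so it posts a made-up value.
report('submit from a form on another site', verify_submission($session, 'made-up-value', $t0 + 120));

// The same page is submitted again two hours later, after the session expired.
report('resubmit stale page after session expiry', verify_submission($session, $formToken, $t0 + 7200));

// The form page is reloaded, which embeds the current token, then submitted.
$formToken = render_form_token($session, $t0 + 7210);
report('submit after reloading the form page', verify_submission($session, $formToken, $t0 + 7220));
```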



