CActiveForm and CSRF

I am using CActiveForms throughout my application. The problem that I am facing right now is that if a user has a form open for too long without submitting it, then when he tries to submit he gets an HTTP 400 exception: "The CSRF token could not be verified."

Because I have also enabled the OnChange validation of CActiveForm fields, this can also be observed without actually doing a submission but only by changing a field value.

My problem:

a- How can I prevent it altogether?

b- If (a) is not possible, how can I show the user that he needs to reload the page to submit the form? Should I extend CFormModel and do a try-catch somewhere?

I would think you’ll either need to turn off the CSRF, or add some kind of JavaScript to your page to periodically refresh it.
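An added example, not part of any post in this thread: Yii 1.x verifies CSRF by comparing the posted token with the token cookie, so a page can check that pair itself before submitting and ask for a reload instead of running into the HTTP 400. It assumes the default token name `YII_CSRF_TOKEN`, a CSRF cookie that is readable by script, and cookie validation turned off so the raw cookie value is the token; `csrfState`, `parseCookies` and `guardForm` are hypothetical helper names.

```javascript
// Added example (not from the thread). Assumptions: Yii 1.x default token name
// YII_CSRF_TOKEN, and cookie validation disabled so the raw cookie is the token.
const CSRF_NAME = 'YII_CSRF_TOKEN';

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue; // skip fragments without a value
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Classify the form token against the cookie the browser would send right now.
// 'ok'      -> the server-side comparison will pass
// 'missing' -> the cookie (or the hidden field) is gone
// 'stale'   -> the cookie was replaced after the form was rendered
function csrfState(cookieString, formToken, name = CSRF_NAME) {
  const cookieToken = parseCookies(cookieString).get(name);
  if (!formToken || !cookieToken) return 'missing';
  return cookieToken === formToken ? 'ok' : 'stale';
}

// Browser wiring: block the submit and tell the user to reload instead of
// letting the request fail with HTTP 400.
function guardForm(form, notify) {
  form.addEventListener('submit', (event) => {
    const field = form.querySelector(`input[name="${CSRF_NAME}"]`);
    const state = csrfState(document.cookie, field ? field.value : '');
    if (state !== 'ok') {
      event.preventDefault();
      notify('This form has expired. Reload the page and submit again.');
    }
  });
}
```

The check only improves the message the user sees; CSRF validation stays enabled on the server and remains the actual control.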


I was looking for something else, just stumbled on this entry.

For those looking for how to monitor the CSRF token, check out my wiki page: