Further findings:
- - It only happens with Safari (both desktop & iOS). Doesn't happen with Opera, Firefox & Chrome.
- - The site is full https (set up both in .htaccess and with forceSSL()) but the problem goes away when it's straight http (i.e. non SSL)
- - When I refresh / reload the form page using Safari a new SecurityID is generated each time, whereas when I refresh / reload from the other browsers, the same SecurityID is present for the length of the PHP session.
The strange behaviour of the SecurityID refreshing each time upon reloading the form page on Safari seems suspicious. I'm not sure how the browser reload can have an effect on the PHP Session / SecurityID - seems like it should make a difference but it does. I have debug statements in Form.php showing that each time the following line in Form::__construct() is called, a new SecurityID is generated:
$this->securityToken = ($securityEnabled) ? new SecurityToken() : new NullSecurityToken();
Posted to: CSRF error on form submission: "There seems to have been a technical problem. Please click the back button refresh your browser, and try again." | Show Thread | Post Reply