Sitecore – WFFM v8.1.2 form times out after a period of inactivity

Recreate problem:

If a user starts the form, fills in one field, waits 30 minutes, then fills in the rest and clicks submit, the form fails to submit.

Analysis:
1. The issue occurs when the session has expired. Expiration is controlled by the timeout value of the session state configuration in web.config:

<sessionState mode="InProc" cookieless="false" timeout="20" … />

2. In the previous update, WFFM fixed issue #79897, which allowed forged requests to be composed:
https://dev.sitecore.net/Downloads/Web%20Forms%20For%20Marketers/Web%20Forms%20For%20Marketers%2081/Web%20forms%20for%20marketers%2081%20Update1/Release%20Notes

3. The logic of this anti-CSRF check is simple: one value (a GUID) is stored in the session, and another is on the form (a hidden input control with the "_anticsrf" postfix in its id and name). If these values differ at submission, or the session is null, a message about a forged request is logged and the submission is aborted. In our case, the session expires after 20 minutes, so the session value at submission is null.

Possible Workarounds:
1. Increase session timeout to 60 minutes.

2. Contact Sitecore Support and ask for the Sitecore.Support.456464.Diagnostics assembly, which logs diagnostics data and at the same time works around this behavior, allowing forms to be submitted. To use this assembly, open the Website\sitecore modules\Web\Web Forms for Marketers\control\SitecoreSimpleFormAscx.ascx file and change its Inherits attribute to the Sitecore.Support.Form.Web.UI.Controls.SitecoreSimpleFormAscx type. The assembly logs diagnostics data as follows:

First access of a form on the content delivery (CD) server:

17684 17:57:04 INFO  [Thread ID: 12] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: null
17684 17:57:04 INFO  [Thread ID: 12] Sitecore.Support.456464.Diagnostics. OnInit. AntiCsrf.Value papameter: 63a9f5d0-6e4c-46d9-b8db-1ff1ee352d2a
25548 17:57:20 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: 63a9f5d0-6e4c-46d9-b8db-1ff1ee352d2a
25548 17:57:20 WARN  [WFFM] The {5B34DB4E-2C00-468F-AAFC-6F22E99BFFF2} form has no actions.

25548 17:57:20 INFO  AUDIT (extranet\Anonymous): [WFFM] Form {5B34DB4E-2C00-468F-AAFC-6F22E99BFFF2} is saving to db

Accessing and submitting the form after the session has expired:

25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: null
25548 18:02:57 INFO  Sitecore.Support.456464.Diagnostics. OnClick. WFFM: Forged request detected!
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnClick. sessionValue papameter: 5e154c27-7eb1-450d-88a0-9b94f9646b60
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnClick. antiCsrf.ID papameter: form_5B34DB4E2C00468FAAFC6F22E99BFFF2_anticsrf
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnClick. antiCsrf.Value papameter: 63a9f5d0-6e4c-46d9-b8db-1ff1ee352d2a
25548 18:02:57 WARN  [WFFM] The {5B34DB4E-2C00-468F-AAFC-6F22E99BFFF2} form has no actions.
25548 18:02:57 INFO  AUDIT (extranet\Anonymous): [WFFM] Form {5B34DB4E-2C00-468F-AAFC-6F22E99BFFF2} is saving to db

3. Override the logic of the Sitecore.Form.Core.Ascx.Controls.SimpleForm.OnClick method and use your own type for the Website\sitecore modules\Web\Web Forms for Marketers\control\SitecoreSimpleFormAscx.ascx control.
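
With the diagnostics assembly from workaround 2 in place, its log lines can be used to tell forged-request events caused by an expired session apart from ones where a live session held a different token. The following is an added example, not part of the original post or of Sitecore's code; the function name, the verdict labels and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the diagnostics assembly's log format ("papameter" is its
# own spelling); GUIDs are made up. Assumption: the second forged-request event
# (live session, different token) is logged with the same lines.
SAMPLE_LOG = """\
17684 17:57:04 INFO  [Thread ID: 12] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: null
17684 17:57:04 INFO  [Thread ID: 12] Sitecore.Support.456464.Diagnostics. OnInit. AntiCsrf.Value papameter: 22222222-0000-0000-0000-000000000002
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: null
25548 18:02:57 INFO  Sitecore.Support.456464.Diagnostics. OnClick. WFFM: Forged request detected!
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnClick. sessionValue papameter: 11111111-0000-0000-0000-000000000001
25548 18:02:57 INFO  [Thread ID: 78] Sitecore.Support.456464.Diagnostics. OnClick. antiCsrf.Value papameter: 22222222-0000-0000-0000-000000000002
25548 18:09:41 INFO  [Thread ID: 31] Sitecore.Support.456464.Diagnostics. OnInit. sessionValue papameter: 33333333-0000-0000-0000-000000000003
25548 18:09:41 INFO  Sitecore.Support.456464.Diagnostics. OnClick. WFFM: Forged request detected!
25548 18:09:41 INFO  [Thread ID: 31] Sitecore.Support.456464.Diagnostics. OnClick. sessionValue papameter: 33333333-0000-0000-0000-000000000003
25548 18:09:41 INFO  [Thread ID: 31] Sitecore.Support.456464.Diagnostics. OnClick. antiCsrf.Value papameter: 44444444-0000-0000-0000-000000000004
"""

LINE = re.compile(
    r"^(?P<pid>\d+) (?P<time>\d\d:\d\d:\d\d) \w+\s+(?:\[Thread ID: \d+\] )?"
    r"Sitecore\.Support\.456464\.Diagnostics\. (?P<phase>OnInit|OnClick)\. (?P<rest>.*)$")
PARAM = re.compile(r"^(?P<name>[\w.]+) pa[pr]ameter: (?P<value>\S+)$")

def triage(log_text):
    """Return (time, verdict) for every 'Forged request detected!' event."""
    state = defaultdict(dict)  # per process id: values of the request in progress
    verdicts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # WARN/AUDIT and unrelated lines
        req, p = state[m["pid"]], PARAM.match(m["rest"])
        name = p["name"].lower() if p else ""
        if "Forged request detected" in m["rest"]:
            req["forged"] = True
        elif m["phase"] == "OnInit" and name == "sessionvalue":
            req.clear()  # assumption: this line opens each request's trace
            req["init"] = p["value"]
        elif m["phase"] == "OnClick" and name == "anticsrf.value" and req.get("forged"):
            init = req.get("init")
            if init == "null":
                verdict = "session-expired"  # session held no token at postback
            elif init is not None and init != p["value"]:
                verdict = "token-mismatch"   # live session, form token differs
            else:
                verdict = "unexplained"
            verdicts.append((m["time"], verdict))
    return verdicts
```

A `session-expired` verdict corresponds to the timeout case analysed above; `token-mismatch` means the session still held a token and the form posted a different one.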
