Last modified: 2014-02-13 01:24:31 UTC
[05:31] <Sir_Designer_> applying for wikimania support... everything very lucid, very nice, hit submit button... [05:31] <Sir_Designer_> "Invalid request [05:31] <Sir_Designer_> The request that was submitted was missing the request forgery protection token. Please return to the form, reload the page and try again." [05:31] <Sir_Designer_> am I going to lose all the typing and ticking off and drop down box content selection by reloading? [05:50] < andre__> Sir_Designer_: also depends on the browser you use, hence hard to tell. Try? :P [05:51] <Sir_Designer_> before I do, I ma busy copying all the precious work to Note (mac). :) [05:51] <Sir_Designer_> NOtes * [05:59] <Sir_Designer_> it was a spectacular lossage. glad I copied and pasted to a safe place. [06:23] <Sir_Designer_> Thanks! [06:23] <Sir_Designer_> Thank you for submitting your scholarship application for Wikimania 2014. Please contact wikimania-scholarships@wikimedia.org with any questions. [06:23] <Sir_Designer_> :) [06:23] <Sir_Designer_> see you in London!
[09:11] < bd808> Sir_Designer_: Do you have any guess about how long you had been working on the form before you hit submit when you got the missing request token error submitting for a Scholarship? We see that error in the logs several times per day and my only guess so far is that PHP has garbage collected the server side session due to inactivity while the user is working on their answers. [09:12] < bd808> I haven't had any reports of people not being able to submit on retry so I haven't worked too hard to reproduce the problem. It is annoying though. [09:14] <Sir_Designer_> bd808 20 minutes with onr back as i hit return inadvertently and it chided me that i did not finish [09:14] <Sir_Designer_> gotta run. [09:14] < bd808> Thanks for the data. That matches my guess about session garbage collection. [09:14] < bd808> I'll open a bug for next year :)
The guess about session cleanup is just that... a guess. If that is the problem it would be possible to add a javascript heartbeat callback that would keep the server side session alive while people were parked on the application form. Pinging back to the server every 5 minutes or so should be enough to keep the session alive. The client side script could even be really smart and only make the pings if there had been mouse/keyboard activity since the last ping went out. An alternate solution might be to fire a quick ajax request on form submit that validated that the XSRF token was still good and if not acquired a new one and wrote it into the form before letting the browser continue to submit.