Solved: Expression Engine Ajax Form Submit - “This form has expired. Please refresh and try again”

Posted 2 years ago

To solve the error “This form has expired. Please refresh and try again”  when submitting a form with expression engine, there’s a few things we need to establish.

The likely hood is it’s going to be an issue with the XSS or Cross site scripting. Do you require XSS filtering, the likely answer to that question is yes but if you don’t you can do two things…

  • Log in as an admin
  • Click settings
  • Security & Privacy
  • Scroll down to the bottom and turn off “Apply XSS filtering?

Alternatively you can add the following to your config file.

$config['disable_csrf_protection'] = "y";

Submitting forms with Ajax (and without)

If you want to keep CSRF and to be honest, I don’t blame you. I recommend keeping CSRF enabled. You need to ensure your forms are being submit with the csrf_token accessible.

Include the below on your forms getting submit.

<input type="hidden" name="csrf_token" value="{csrf_token}" />

If you’re working with Ajax, you need this value getting passed through.