Juergen Posted March 24, 2016 Share Posted March 24, 2016 Hello @ all, I have a page with a contact form, which is cached. After submitting the form the cache is active. I use the template cache. There is the possibility to add deactivating cache disabling post and get variables. So I have included a hidden field in the template: <input type='hidden' id='aftersub' name='aftersub' value='1'/> Then I added the hidden field to the post fields of the template cache tab, but the template cache will not be disabled after submission. I am not a PHP-pro, so can anyone tell me how to use the cache disabling variables correctly? Thanks in advance Link to comment Share on other sites More sharing options...
LostKobrakai Posted March 24, 2016 Share Posted March 24, 2016 This should work, if the field is properly submitted with the contact form data. Link to comment Share on other sites More sharing options...
Juergen Posted March 24, 2016 Author Share Posted March 24, 2016 The field is hidden. I think this could be the problem because all none hidden data will be submitted, but the value of the hiddenfield not. Link to comment Share on other sites More sharing options...
LostKobrakai Posted March 24, 2016 Share Posted March 24, 2016 Why would a hidden field not be submitted? Keep in mind that the caching does work on post/get data in the http request, so it does need to be submitted. Link to comment Share on other sites More sharing options...
Juergen Posted March 24, 2016 Author Share Posted March 24, 2016 Anyway it doesnt work at all. I leave the page uncached. Thanks for your efforts. Link to comment Share on other sites More sharing options...
tpr Posted March 24, 2016 Share Posted March 24, 2016 Do those fields get submitted if you deactivate cache entirely? Link to comment Share on other sites More sharing options...
Soma Posted March 24, 2016 Share Posted March 24, 2016 What exactly is the problem? If you may do a redirect after form processing, the post var is lost. 1 Link to comment Share on other sites More sharing options...
Juergen Posted March 24, 2016 Author Share Posted March 24, 2016 What exactly is the problem? If you may do a redirect after form processing, the post var is lost. Ok, this causes the problem. I use a redirect to the same page after there are no errors to prevent double form submission. After the redirect only the success message will be shown, but this only works if the cache is disabled. In my case I see the (empty) contact form again without the success message, because the page will be reloaded from the cache. This is the problem. Link to comment Share on other sites More sharing options...
LostKobrakai Posted March 24, 2016 Share Posted March 24, 2016 $session->redirect('./?nocache=1', false); Add that GET variable in your cache settings. Alternatively use one time csrf tokens for double submit prevention: // For your form $name = $session->CSRF->getgetTokenName('contact'); $value = $session->CSRF->getSingleUseToken('contact'); // On submission, will throw after the first validation try{ $session->CSRF->validate('contact'); } catch (WireCSRFException $e) { // Double or invalid submit } 2 Link to comment Share on other sites More sharing options...
Soma Posted March 24, 2016 Share Posted March 24, 2016 CSRF doesn't work with a cached form. The PRG post rdirect get is the best design pattern to prevent double submission in case of a refresh or going back in browser. 1 Link to comment Share on other sites More sharing options...
Juergen Posted March 24, 2016 Author Share Posted March 24, 2016 Thanks for your hints. I will leave the page uncached so I can use CSRF. The page loads quite fast so its not really necessary to use a cache. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now