
Loosen CSRF token time

Related products: CC Community
  • October 6, 2025

Jasper
  • Contributor ⭐️⭐️⭐️⭐️

When users want to reply to topics, they often open multiple topics in different tabs, but because the CSRF token has a limited time, they receive errors when they try to post. When the error 'Something went wrong' happens, users lose the post they have typed and they need to do it again. That doesn't motivate people to help others.

I understand the CSRF token is for security, but the way it works now it feels more like it's punishing users for using the platform in a natural way.

Could the length of the CSRF be loosened or is there another option to reduce those errors? Or at least make sure the user doesn't lose their typed message when this error happens.

4 replies

rschlette
  • Expert ⭐️
  • October 6, 2025

Even if the validity period for the token can’t be increased, the token can be validated in the background on a regular interval. That would let the UI team make the ‘Send’ button inactive if the token is expired and/or show a helper message below the response box to describe that ‘something’ that goes wrong before it goes wrong.


  • Gainsight Employee ⭐️
  • April 3, 2026
New Idea → Open

  • Gainsight Employee ⭐️
  • April 3, 2026

@Jasper 

Thanks for raising this and good follow-up from @rschlette too.

Keeping this open for now as it's worth digging into.

One angle I'm curious about your thoughts on: would auto-saving your draft fix most of the frustration here? The core pain seems to be losing what you typed, regardless of why the error happened. If the reply box saved your text locally so you could just pick up where you left off, would that address it for you?

Would love to hear what others think too.


Jasper
  • Author
  • Contributor ⭐️⭐️⭐️⭐️
  • April 7, 2026

Hi @Larry, I think users will still be annoyed when they get an error, but saving the draft will significantly lessen that pain. So yes, I do think that would address the issue on our side.
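
Added example, not part of the thread and not the platform's own code: a sketch of the two ideas discussed above, keeping the draft until the server accepts it and refreshing a stale CSRF token once instead of failing. The endpoint paths, the `X-CSRF-Token` header, the 403 status for a rejected token and the storage key are all assumptions; `storage` is any `localStorage`-like object.

```javascript
// Added example. Endpoint paths, header name, status code and storage key
// are assumptions for illustration, not the platform's API.
const DRAFT_PREFIX = "reply-draft:";

// Keep the typed text in per-topic storage so a failed post never loses it.
function saveDraft(storage, topicId, text) {
  storage.setItem(DRAFT_PREFIX + topicId, text);
}
function loadDraft(storage, topicId) {
  return storage.getItem(DRAFT_PREFIX + topicId) || "";
}

// Same-origin, cookie-authenticated token fetch: a cross-site page cannot
// read the response, so refreshing here does not weaken the CSRF check.
async function fetchToken(fetchFn) {
  const res = await fetchFn("/csrf-token", { credentials: "same-origin" });
  if (!res.ok) throw new Error("session expired, sign in again");
  return (await res.json()).token;
}

// Post a reply; on a CSRF rejection (assumed HTTP 403) refresh the token and
// retry exactly once. The draft is removed only after the server accepts it.
async function submitReply({ fetchFn, storage, topicId, text, token }) {
  saveDraft(storage, topicId, text);
  for (let attempt = 0; attempt < 2; attempt++) {
    const res = await fetchFn(`/topics/${encodeURIComponent(topicId)}/replies`, {
      method: "POST",
      credentials: "same-origin",
      headers: { "Content-Type": "application/json", "X-CSRF-Token": token },
      body: JSON.stringify({ text }),
    });
    if (res.ok) {
      storage.removeItem(DRAFT_PREFIX + topicId);
      return { posted: true, token };
    }
    if (res.status !== 403 || attempt === 1) break;
    token = await fetchToken(fetchFn); // stale tab: get a current token
  }
  return { posted: false, token, draft: loadDraft(storage, topicId) };
}
```

The same `fetchToken` call could run on a timer to drive the disabled 'Send' button suggested earlier in the thread. Drafts kept in `localStorage` are readable by any script on the origin and persist on shared machines, so clear them on sign-out.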