Form returning customer data which then gets cached

sgjoomla 07 Aug, 2023
Hi there
Long term user of Chronoforms and love it. However we have a fairly serious issue that occasionally a visitor will submit data which gets cached into the form, and so delivered to everyone else visiting the site. This is a major issue. We're using JCH optimise for caching, which does not cache a page when data is posted to it. I suspect the issue is caused by the form being posted with something that fails validation. The form seems to use the session to represent the posted data to the customer so they can modify and repost, however this happens when the page is refreshed too - i.e. there is no post data being sent in. The lack of post data causes JCH (and most other caching plugins) to not see the content as 'exclude from cache' and so it caches it. Is there a way we can categorically ensure that the form never loads customer data into it, even if it's a failed submission?
We're disabling caching in the interim, but really need to have reliable form + cache combination on our sites.
Max_admin 08 Aug, 2023
Answer
You said it, the page is cached by JCH, so Chronoforms cannot control this. I think you should configure JCH to not cache the page with the form.

Chronoforms stores data in the user session in case the form submission fails.
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
sgjoomla 09 Aug, 2023
I'll follow up with JCH also; but Joomla site cache (core plugin which many use) would likely also have the same issue. Similarly, when using a system like CloudFlare, if there is user data returned in the content for an unlogged in session (i.e. public - which most contact forms are), then it's possible for the content to be cached and therefore poses a risk of leaking data if that is delivered to other users. Is there any way as part of the existing form builder interface to ensure that no data is ever pre-loaded into the form under any circumstances? Particularly in the instance of failed submission as this is when I believe it's occurring.
rbock 09 Aug, 2023
For me I excluded CF7 and CF8 from JCH cache. I'm curious what JCH thinks about this. You can report and send a link to the form.
sgjoomla 09 Aug, 2023
CF7 was excluded, but it was still cached. Form output via module on page though, so suspect it's not seeing it as Chronoforms component. Module was set to "no-cache". As above though even if JCH does not cache, then CloudFlare could on basis of page loaded without post data or unique query or logged in session. Really need to ensure there is 100% no chance of user data being cached by any system, so would appreciate solution from ChronoForms side to ensure it cannot load form with data, even when trying to be helpful.
Max_admin 09 Aug, 2023
Chronoforms loads the form with data when the form submit fails, you do not want users to refill all fields when they have some error.

Cloudflare or JCH should be able to exclude specific pages in my opinion.

If you want to force reset data you may "try" the following PHP code at the top of the "load" page:

$this->data["field_name"] = ""; // repeat this for all fields in your form.
Max, ChronoForms developer
sgjoomla 09 Aug, 2023
Thanks Max; will give above a try. JCH + CloudFlare do have options to allow you to explicitly not cache specific pages, however several of the sites that this occurs on have a generic contact form in the footer of every page - so it's not possible to make use of that work around. Am hoping above solves my problem - so thanks again for the prompt support response.
sgjoomla 09 Aug, 2023
Just to confirm that seems to do the job.
Our form fields all have a prefix (e.g. "enquire_") so the following helps sort quickly:

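    // Blank every field whose name contains the form's "enquire_" prefix
    foreach ($this->data as $k => $v) {
        if (substr_count($k, 'enquire_') > 0) {
            $this->data[$k] = '';   // clear the value in the form data array
            $this->set($k, '');     // and clear it through set() as well
        }
    }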
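
A check for the leak discussed in this thread, added here as an example and not code from any poster or from ChronoForms: it parses the HTML a cache serves to an anonymous visitor and reports form fields that already carry a value. The `enquire_` prefix comes from the thread; the sample pages and the names `PrefillFinder` and `prefilled_fields` are constructed for illustration.

```python
from html.parser import HTMLParser

FIELD_PREFIX = "enquire_"  # prefix mentioned in the thread; adjust to your form

class PrefillFinder(HTMLParser):
    """Collects prefixed form fields whose markup already contains a value."""
    # Input types that legitimately ship with a value (tokens, buttons, choices)
    IGNORED = {"hidden", "submit", "button", "reset", "image", "checkbox", "radio"}

    def __init__(self, prefix):
        super().__init__(convert_charrefs=True)
        self.prefix, self.found = prefix, {}
        self._area, self._buf = None, []   # textarea currently being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name") or ""
        if not name.startswith(self.prefix):
            return
        if tag == "input" and (a.get("type") or "text").lower() not in self.IGNORED:
            value = (a.get("value") or "").strip()
            if value:
                self.found[name] = value
        elif tag == "textarea":
            self._area, self._buf = name, []

    def handle_data(self, data):
        if self._area is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "textarea" and self._area is not None:
            text = "".join(self._buf).strip()
            if text:
                self.found[self._area] = text
            self._area = None

def prefilled_fields(html, prefix=FIELD_PREFIX):
    """Return {field name: value} for every field that arrives prefilled."""
    finder = PrefillFinder(prefix)
    finder.feed(html)
    finder.close()
    return finder.found

# Constructed sample pages: what a fresh visitor should get, and a poisoned cache entry
CLEAN = ('<form><input type="text" name="enquire_name" value=""/>'
         '<input type="hidden" name="enquire_token" value="abc123">'
         '<textarea name="enquire_message"></textarea></form>')
LEAKED = ('<form><input type="text" name="enquire_name" value="Jane Example"/>'
          '<input type="email" name="enquire_email" value="jane@example.com">'
          '<textarea name="enquire_message"> Please call me back </textarea></form>')
```

Feed it the response body of a request made with no cookies and no POST data; any non-empty result means a prefilled form is being served to anonymous visitors.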