SOLVED: Using CF forms on non-Joomla/external sites

growfish 16 Dec, 2009
I built a Joomla 1.0.x site for a client back in 2007 that is using CF 2.3.2. They have a signup form on their site to collect leads. A few years ago they also wanted to set up some landing pages that would be hosted on their site but NOT part of their Joomla site - they are just standard HTML pages.

I pulled this off by simply viewing the source on the CF form page when in Joomla, copied all the code and placed it on an HTML page. All I pretty much had to do was change the relative links to absolute URLs (for the CSS, JS and Action code) and it worked perfectly. Over the years I've duplicated these landing pages dozens and dozens of times for them.

Well I finally talked to client into upgrading to J 1.5 which of course meant a upgrade to the current CF. Great!

Unfortunately, it seems my little trick with using CF forms NOT within the Joomla site has stopped working with either of the new J! or CF. NO!!!!!

I get the infamous error:

"* Your session has expired. Please log in again.

There is no form with this name or may be the form is unpublished, Please check the form and the url and the form management"

This error only shows the first time you submit the form. You can go back and resubmit the form with no problem. So, it's tied to the whole sessions/token issue within J. I guess since the user hasn't visited the J site yet (since the form is an external page) it doesn't let them submit the form at first. Once the error page loads they start their session and are then able to go back and successfully submit.

Yes, the form is published and I've disabled "check token". Happens if session time in Global is set to 1 min or 1 hour. It all works fine when viewed and submitted within Joomla, but not on external pages. The entire page code was duplicated exactly so I'm sure it's not a issue of something missing in my code.

Again, I have this working as we speak with J 1.0.x and CF 2.3.2 - what's the deal with these new versions not letting it work?!

I seriously need a hack or something to fix this. I've talked the client into upgrading and spending all this $ because of all these cool features and now we have 100 + landing pages that don't work!!!

Any advice would be greatly appreciated!
GreyHead 17 Dec, 2009
Hi growfish,

Joomla introduced a security token check to prevent some cross-site scripting vulnerabilities around Joomla 1.5.10 if I recall correctly. The potential risk is that a user high-jacks a browser session from another user and uses the high-jacked session to inject code (don't ak me for more detail - I don't properly understand even that much).

ChronoForms has an option to turn the Session Token off on the form General Tab. But the option isn't terribly well implemented (Fredrik pointed that out in a post here a few months ago). It's still worth trying the form with it turned off, it does seem to work for some users.

As an alterantive, you could just make the landing pages inside Joomla but use &tmpl=component in the url so that the template is hidden - assuming that is the main reason for the external pages.

growfish 17 Dec, 2009
thanks for the comment. yea turning the session token off in CF has no effect what so ever. no way to disable that part of the J core? any other ideas how to pull this off?
growfish 17 Dec, 2009
well i think i figured this one out. i went back and studied Fredrik's post ( and implemented his code tweak. that seems to of fixed the issue perfectly!

hopefully this helps someone else in the future looking to use CF forms on non-joomla pages/sites AND their joomla site.
This topic is locked and no more replies can be posted.