CiviCRM Wordpress invalid session / qfkey errors

17 April 2018

CiviCRM Wordpress invalid session / qfkey errors with online registration or signup pages.

CiviCRM online registrations / signups in wordpress are generally hit by session / qfkey errors, and are more common in wordpress than drupal. There is a list of incompatible plugins listed on the CiviCRM docs site - https://docs.civicrm.org/sysadmin/en/latest/integration/wordpress/incomp....

We experienced this issue and now would like to share our findings with you in this post.

Problem:

Open a CiviCRM event registration page in one browser, no details are completed, hit submit - throws an error, which is expected.

Open the same event registration page in another browser, again don't compelte any details, hit submit => does not throw any errors, just refreshes the page OR throws invalid session key error OR if used with a shortcode gives id not found error.

Investigation:

If we look at the source code of a page in the second browser, the hidden qfKey element is ppopulated with qfKey from the first browser. Which is wrong because browsers would have their own different session key producing the separate qfKeys for civi. When we looked at the code, the code was correctly producing the new qfKeys, but html was producing different (stale) qfKey, causing invalid session key errors. Concluding that the page is getting cached somewhere.

We tried disabling all the cache plugins, and / or setting up cache plugins and adding exceptions for civi pages, which didn't seem to work for our case.

There were some php save-path errors as well (php v5.6 on plesk), but resolving them didn't solve our issue.

We started looking at theme, and found that the custom theme was using Timber which was caching the pages. (Timber helps you create fully-customized WordPress themes faster with more sustainable code. With Timber, you write your HTML using the Twig Template Engine separate from your PHP files.)

Specifying a small cache timeout with Timber solved the problem.

Conclusion / findings:

Disabling caching with Civi front end forms would resolve most of the session key errors with wordpress. It looks as though if we can automate and compare the qfkey generated by html vs code, this problem can be resolved quickly.

So, whats causes a page to cache? If its not wordpress, then it looks like a plugin or theme.

We hope you find this blog useful and that it will save you some time to troubleshoot this issue. Do leave us a comment below if you have any feedback!

Thanks,

Deepak Srivastava

deepak at vedaconsulting dot co dot uk

Keep in touch, we value relations!

Connect with us