I am having an intermittent problem with the CSRF element in a ZF3 ajax form. I am using the following to configure the element
$this->add([
'type' => Element\Csrf::class,
'name' => 'onlineGameCsrf',
'options' => [
'csrf_options' => [
'timeout' => 600,
],
],
]);
and including in the form using
echo $this->formRow($form->get('onlineGameCsrf'));
Most of the time this works as it should but every so often, maybe one in ten times, it fails. The logs show the following error.
[notSame] => The form submitted did not originate from the expected site
I have tried a couple of 'fixes' that I have found on SO and elsewhere. The first was moving $form->prepare() to the view file and another was to increase the timeout in the configuration. Neither of these worked, though perhaps I wasn't increasing the timeout enough (I went to a max of 2000).
I am using the same CSRF element elsewhere in the site on non-ajax forms and it is working correctly with no issues.
Any help would be much appreciated.
Thanks.