doufei16736 2011-04-08 19:24

Symfony - CSRF field on the login page is empty after submitting an unrelated form following a session timeout

I'm using Symfony 1.4 with the sfGuardPlugin. If my session times out while I'm sitting on a page within the app, and I try to submit a form that is on that page, I will get redirected to the login page (this is good, because my session has timed out). But it thinks the login form has already been submitted, and that I've failed validation -- username, password, and CSRF are all missing and required.

Why does it think I've already submitted the login form, and why is the CSRF empty?

Now as a user I would be totally stuck, because I'm on the login page and the hidden CSRF field is empty. Even if I fill in the username and password, I can never pass validation because the CSRF is required.

I'm not really sure where to look. My sfGuardPlugin configuration is fairly standard, I think. The login page and the CSRF protection generally work fine.

The action I'm using just does $this->form->bind($request->getParameter($this->form->getName()), $request->getFiles($this->form->getName()));

1 answer

  • doudiao2335 2011-04-28 13:16

    There are some mistakes you may be making:

    1. Processing the form on both GET and POST. Add if($request->isMethod('post')) to handle the form submit only on POST.
    2. Not rendering the hidden field in the template. The CSRF field is hidden. Use echo $form to render the entire form, or $form->renderHiddenFields().
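The answer's two points combined in one signin action and template, as an added example that is not code from the post or from sfGuardPlugin itself. It assumes an application-level override of the plugin's sfGuardAuth module at the conventional paths shown, the plugin's stock sfGuardFormSignin, a @homepage route, and that the timed-out POST reaches this action still as a POST, which is why it also checks that the request carries the login form's own parameters.

```php
<?php
// apps/frontend/modules/sfGuardAuth/actions/actions.class.php
// (assumed location: application-level override of the plugin's module)
require_once sfConfig::get('sf_plugins_dir').'/sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php';

class sfGuardAuthActions extends BasesfGuardAuthActions
{
  public function executeSignin($request)
  {
    if ($this->getUser()->isAuthenticated())
    {
      return $this->redirect('@homepage'); // assumed route name
    }

    $this->form = new sfGuardFormSignin();
    $name = $this->form->getName(); // parameter namespace of the login form

    // Bind only when this POST carries the login form's own fields.
    // A POST of some other form that lands here after a session timeout has
    // no such parameter; binding it would fail every required field, and a
    // bound form re-renders from the submitted values, so the hidden
    // _csrf_token would come back empty.
    if ($request->isMethod('post') && $request->hasParameter($name))
    {
      $this->form->bind($request->getParameter($name), $request->getFiles($name));
      if ($this->form->isValid())
      {
        $values = $this->form->getValues();
        $this->getUser()->signin($values['user'], !empty($values['remember']));

        // Simplified: the stock action redirects to the stored referer.
        return $this->redirect('@homepage');
      }
    }
    // Otherwise fall through: the template renders a fresh, unbound form
    // whose hidden fields include a token for the new session.
  }
}
?>
<?php // apps/frontend/modules/sfGuardAuth/templates/signinSuccess.php ?>
<form action="<?php echo url_for('sfGuardAuth/signin') ?>" method="post">
  <?php echo $form->renderGlobalErrors() ?>
  <?php echo $form['username']->renderRow() ?>
  <?php echo $form['password']->renderRow() ?>
  <?php echo $form->renderHiddenFields() // emits the hidden _csrf_token ?>
  <input type="submit" value="Sign in" />
</form>
```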
