Compartir a través de


Fixing the "The security validation of this page has timed out" error in SharePoint 2010.

Ever faced the annoying "The security validation of this page has timed out" error in SharePoint 2010?

I believe, if you guys have ever used the following tag in a Custom SharePoint Application Page and were trying to validate the Form Digest token on the server for POST requests initiated using JavaScript, you might have encountered the error usually after 30 mins of inactivity on the page.

<SharePoint:FormDigest ID="fdToken" runat="server" />

The error encountered is as below:

 

Why timeout happens after 30 minutes & what is the conventional way to fix this issue?

I recommend to you to read the following post from Microsoft to understand the reason in detail:

https://support.microsoft.com/en-us/kb/888828

 

What's the fix?

The fix is rather very simple and is a two step process in SharePoint 2010:

1. Execute any random query on SharePoint using JavaScript Client Side Object Model. I've used the following in my code:

2. Fetch the value of request digest token again using the following code and assign it as the value of headers for your Ajax call:

      $("[name='__REQUESTDIGEST']").val();

 

Why would such a silly fix work?

If you check the internals of the ClientContext class in Microsoft.SharePoint.Client.dll, you'll find the answer yourself. However, to save your effort of decompiling the dll here's the reason:

1. The ClientContext class has only one publicly overridden method - ExecuteQuery() . The code for ExecuteQuery() method after decompiling the dll is as below:

If you check closely, the first call is made to the EnsureFormDigest() method inside the ExecuteQuery() method.

2. Looking closely to what the EnsureFormDigest() method does will give you the answer. Here's is what it does:

The EnsureFormDigest() method internally calls the BuildGetUpdatedFormDigestInforequestBody() method which makes sure that you always get the updated form digest token value instead of the stale in case you still are on the page and inactivity has occurred. 

 

I hope this might prove useful to you.

Thanks!