Update ProcessLogin to auto-refresh the login form every 5 minutes of non-activity. This helps to avoid cases where a login form sits for a long period and has its CSRF key expire. It can prevent this error at login: "This request was aborted because it appears to be forged."

wire/modules/Process/ProcessLogin/ProcessLogin.js

@@ -13,12 +13,35 @@ $(document).ready(function() {
 	}
 	$("#login_hidpi").val(hidpi ? 1 : 0);
 
+	var startTime = parseInt($('#login_start').val()); // GMT/UTC
+	var maxSeconds = 300; // max age for login form before refreshing it (300=5min)
+	
+	// force refresh of login form if 5 minutes go by without activity
+	var watchTime = function() {
+		var ts = Math.floor(new Date().getTime() / 1000);
+		var elapsedSeconds = ts - startTime;
+		if(elapsedSeconds > maxSeconds) {
+			window.location.href = './?r=' + ts;
+		}
+	};
+	
+	// reload immediately if we received browser cached login form watchTime(); 
+	watchTime();
+	
+	var interval = setInterval(watchTime, 5000);
+	
+	$('#login_name, #login_pass').on('keydown', function() {
+		clearInterval(interval);
+		interval = setInterval(watchTime, 5000);
+	});
+	
 	// via @Toutouwai #84
 	$('#ProcessLoginForm').submit(function() {
 		var $html = $('html');
 		var touch = $html.data('whatintent') == 'touch' || $html.data('whatinput') == 'touch';
+		clearInterval(interval);
 		$('#login_touch').val(touch ? 1 : 0);
 		$('#login_width').val($(window).width());
 	});
-	
-}); 
+
+}); 

wire/modules/Process/ProcessLogin/ProcessLogin.min.js

@@ -1 +1 @@
-$(document).ready(function(){if(window.devicePixelRatio>1){var a=true}else{var b="(-webkit-min-device-pixel-ratio: 1.5), (min--moz-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3/2), (min-resolution: 1.5dppx)";var a=window.matchMedia&&window.matchMedia(b).matches}$("#login_hidpi").val(a?1:0);$("#ProcessLoginForm").submit(function(){var c=$("html");var d=c.data("whatintent")=="touch"||c.data("whatinput")=="touch";$("#login_touch").val(d?1:0);$("#login_width").val($(window).width())})});
+$(document).ready(function(){if(window.devicePixelRatio>1){var hidpi=true}else{var media="(-webkit-min-device-pixel-ratio: 1.5), "+"(min--moz-device-pixel-ratio: 1.5), "+"(-o-min-device-pixel-ratio: 3/2), "+"(min-resolution: 1.5dppx)";var hidpi=window.matchMedia&&window.matchMedia(media).matches}$("#login_hidpi").val(hidpi?1:0);var startTime=parseInt($("#login_start").val());var maxSeconds=300;var watchTime=function(){var ts=Math.floor((new Date).getTime()/1e3);var elapsedSeconds=ts-startTime;if(elapsedSeconds>maxSeconds){window.location.href="./?r="+ts}};watchTime();var interval=setInterval(watchTime,5e3);$("#login_name, #login_pass").on("keydown",function(){clearInterval(interval);interval=setInterval(watchTime,5e3)});$("#ProcessLoginForm").submit(function(){var $html=$("html");var touch=$html.data("whatintent")=="touch"||$html.data("whatinput")=="touch";clearInterval(interval);$("#login_touch").val(touch?1:0);$("#login_width").val($(window).width())})});

wire/modules/Process/ProcessLogin/ProcessLogin.module

@@ -45,7 +45,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
 		return array(
 			'title' => 'Login',
 			'summary' => 'Login to ProcessWire',
-			'version' => 108,
+			'version' => 109,
 			'permanent' => true,
 			'permission' => 'page-view',
 		);
@@ -761,6 +761,12 @@ class ProcessLogin extends Process implements ConfigurableModule {
 			$f->attr('value', 0);
 			$this->form->add($f);
 		}
+	
+		/** @var InputfieldHidden $f */
+		$f = $modules->get('InputfieldHidden');
+		$f->attr('id+name', 'login_start');
+		$f->val(gmdate('U')); // GMT/UTC unix timestamp of when login form was rendered
+		$this->form->add($f);
 
 		$s = 'script';
 		$jsError = str_replace('{out}', $this->labels('fail-javascript'), $this->markup('error'));