![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![[DEALS] The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![From drop-out to software architect with Jason Lengstorf [Podcast #167]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743796461357/f3d19cd7-e6f5-4d7c-8bfc-eb974bc8da68.png?#)
.png?#)
_Christophe_Coat_Alamy.jpg?#)
.webp?#)
![Apple Considers Delaying Smart Home Hub Until 2026 [Gurman]](https://www.iclarified.com/images/news/96946/96946/96946-640.jpg)
![iPhone 17 Pro Won't Feature Two-Toned Back [Gurman]](https://www.iclarified.com/images/news/96944/96944/96944-640.jpg)
![Tariffs Threaten Apple's $999 iPhone Price Point in the U.S. [Gurman]](https://www.iclarified.com/images/news/96943/96943/96943-640.jpg)
Cloudflare Turnstile NextJS: Invalid Token Error on Repeated Submissions
Was used in notlink — a blazingly fast url shortener ever built with rust programming language. Check: https://notl.ink The “Invalid token” error occurs because the Turnstile token is being reused for multiple submissions. Cloudflare Turnstile tokens are single-use; once validated, they can’t be used again. Here’s how to fix it: Reset the Turnstile widget after each submission Update your frontend code to reset the Turnstile widget and clear the token state after submission: // Add a ref to the Turnstile component const turnstileRef = useRef(); async function handleShorten(val: string) { // ... existing code ... try { const response = await fetch(/api/shorten, { /* ... */ }); const data: ShortURLResponse = await response.json(); // Reset Turnstile after successful submission turnstileRef.current?.reset(); setTurnstileToken(""); setTurnstileStatus("required"); } catch (error) { console.error('Error:', error); } finally { setLoading(false); // Ensure Turnstile is reset even if there's an error turnstileRef.current?.reset(); setTurnstileToken(""); setTurnstileStatus("required"); } } // Update your Turnstile component with the ref ref={turnstileRef} siteKey={process.env.TURNSTILE_SITE_KEY!} // ... other props ... /> (Optional) Clear token state on expiration/error Enhance your Turnstile event handlers: // ... other props ... onExpire={() => { setTurnstileStatus("expired"); setTurnstileError("Security check expired. Please verify again."); setTurnstileToken(""); // Clear expired token }} onError={() => { setTurnstileStatus("error"); setTurnstileError("Security check failed. Please try again."); setTurnstileToken(""); // Clear invalid token }} /> Why this works: Each submission now requires a fresh Turnstile verification The token state is cleared after submission/errors/expiration The Turnstile widget is reset to force a new challenge Additional recommendations for your backend: Ensure your idempotencyKey implementation matches Turnstile's requirements Consider adding rate limiting to prevent abuse Verify the token expiration time (typically 5 minutes) By implementing these changes, users will need to complete a new Turnstile verification for each submission, preventing token reuse and the “Invalid token” error.
Was used in notlink — a blazingly fast url shortener ever built with rust programming language. Check: https://notl.ink
The “Invalid token” error occurs because the Turnstile token is being reused for multiple submissions. Cloudflare Turnstile tokens are single-use; once validated, they can’t be used again. Here’s how to fix it:
- Reset the Turnstile widget after each submission
Update your frontend code to reset the Turnstile widget and clear the token state after submission:
// Add a ref to the Turnstile component
const turnstileRef = useRef();
async function handleShorten(val: string) {
// ... existing code ...
try {
const response = await fetch(/api/shorten, { /* ... */ });
const data: ShortURLResponse = await response.json();
// Reset Turnstile after successful submission
turnstileRef.current?.reset();
setTurnstileToken("");
setTurnstileStatus("required");
} catch (error) {
console.error('Error:', error);
} finally {
setLoading(false);
// Ensure Turnstile is reset even if there's an error
turnstileRef.current?.reset();
setTurnstileToken("");
setTurnstileStatus("required");
}
}
// Update your Turnstile component with the ref
ref={turnstileRef}
siteKey={process.env.TURNSTILE_SITE_KEY!}
// ... other props ...
/>
- (Optional) Clear token state on expiration/error
Enhance your Turnstile event handlers:
// ... other props ...
onExpire={() => {
setTurnstileStatus("expired");
setTurnstileError("Security check expired. Please verify again.");
setTurnstileToken(""); // Clear expired token
}}
onError={() => {
setTurnstileStatus("error");
setTurnstileError("Security check failed. Please try again.");
setTurnstileToken(""); // Clear invalid token
}}
/>
Why this works:
Each submission now requires a fresh Turnstile verification
The token state is cleared after submission/errors/expiration
The Turnstile widget is reset to force a new challenge
Additional recommendations for your backend:
Ensure your idempotencyKey implementation matches Turnstile's requirements
Consider adding rate limiting to prevent abuse
Verify the token expiration time (typically 5 minutes)
By implementing these changes, users will need to complete a new Turnstile verification for each submission, preventing token reuse and the “Invalid token” error.
