By default, the session state is set by default to time out after 60 minutes. Unfortunately, my form was a lengthy HR form, that often times took users longer than 60 minutes to fill out – usually becuase they were interrupted and had to do something else and come back to it. And then when they try to submit the form they would be shown a lovely “Crtical Error” message that doesn’t let them retrieve or save any of their information.
I was pulling my hairs out for a quite a few hours last week trying to figure out why browser-based InfoPath forms were giving my users these Critical Error Security Validation Time Outs. You would think there’d be a setting for this somewhere under the Web Application’s General Settings or at least under the InfoPath Forms Services section within Central Administration right? Sorry bub, this setting is actually managed under Central Admin > Application Management > Office SharePoint Server Shared Services > Configure Session State.
The SharePoint Swiss Army Knife 
Thanks! What a great tip, I also have an HR review form that Ive been working on and this started to become an issue. Ive been messing with some workflows and was able to have the form open in a different view based on if the person opening the form is their manager or themselves. If someone else opens it, it shows a different view with a custom error screen that i developed, way cool technology!
I can’t get enough of your blog, you are an excellent writer!
One of my clients in the field is trying to use an browser-based InfoPath form. In the first view of the form they select a value from drop-down and click “Next”. They are getting “Critical error. An error occurred submitting this form to the Web server.” error. I on the otherhand can login as that client and open and submit the form without any issues. Do you have any ideas about this one? I think this Critical error is different than your Security Validation time outs.
Environment: InfoPath 2010 – Browser based.