By default, the session state is set by default to time out after 60 minutes. Unfortunately, my form was a lengthy HR form, that often times took users longer than 60 minutes to fill out – usually becuase they were interrupted and had to do something else and come back to it. And then when they try to submit the form they would be shown a lovely “Crtical Error” message that doesn’t let them retrieve or save any of their information.  

I was pulling my hairs out for a quite a few hours last week trying to figure out why browser-based InfoPath forms were giving my users these Critical Error Security Validation Time Outs. You would think there’d be a setting for this somewhere under the Web Application’s General Settings or at least under the InfoPath Forms Services section within Central Administration right? Sorry bub, this setting is actually managed under Central Admin > Application Management > Office SharePoint Server Shared Services > Configure Session State.