I have a very strange problem. I have a login form in Yii which works fine. After moving the website to another server I get
Error 400 The CSRF token could not be verified
I don't understand why it is working on the development server but not on the new server. Here is my code:
    <div class="form">
    <?php $form=$this->beginWidget('CActiveForm', array(
        'id'=>'login-form',
        'enableClientValidation'=>true,
        'clientOptions'=>array(
            'validateOnSubmit'=>true,
        ),
    )); ?>
        <div class="row">
            <?php echo $form->labelEx($model,'username'); ?>
            <?php echo $form->textField($model,'username'); ?>
            <?php echo $form->error($model,'username'); ?>
        </div>
        <div class="row">
            <?php echo $form->labelEx($model,'password'); ?>
            <?php echo $form->passwordField($model,'password'); ?>
            <?php echo $form->error($model,'password'); ?>
        </div>
        <div class="row buttons">
            <?php echo CHtml::submitButton('Submit'); ?>
        </div>
    <?php $this->endWidget(); ?>
    </div><!-- form -->
And here is the CSRF configuration in my config file:
'enableCsrfValidation' => !isset($_POST['dontvalidate']) ? true : false,
If you need to see the example, here is the one which is working, and here is the one with the problem.
I opened the first example and found this HTML in the source. This is correct.
<input type="hidden" value="df5a0fc9ab86f85cdcdabe6b2ee62e85d3ac0323"
name="YII_CSRF_TOKEN" />
On the second example page, I haven't found any HTML code as above. That means enableCsrfValidation is set to false in the second example.
Try debugging $_POST['dontvalidate'] in this page (or in config/main.php).
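One way to see which half of the CSRF check fails on the new server, as an added example that is not code from the question or the answer: a Yii 1.1 request component that logs the cause before the stock validation runs. The class name `DiagnosticHttpRequest`, the `csrf` log category and the file location are assumptions. The config comment sets `enableCsrfValidation` to a constant, because as posted any request that carries a `dontvalidate` field turns validation off.

```php
<?php
// Added example, not the poster's code. Assumes Yii 1.1 and that this file
// sits in protected/components/ so the autoloader finds it (assumption).
// The class name and the 'csrf' log category are hypothetical.
//
// config/main.php, inside 'components':
//   'request' => array(
//       'class' => 'DiagnosticHttpRequest',
//       'enableCsrfValidation' => true, // constant, never derived from $_POST
//   ),
class DiagnosticHttpRequest extends CHttpRequest
{
    /**
     * Called on onBeginRequest when enableCsrfValidation is true.
     * Logs why a POST is about to be rejected (token values are never
     * logged), then defers to the parent, which still throws the 400.
     */
    public function validateCsrfToken($event)
    {
        if ($this->getIsPostRequest()) {
            $name    = $this->csrfTokenName; // 'YII_CSRF_TOKEN' by default
            $posted  = $this->getPost($name);
            $cookies = $this->getCookies();
            $cookie  = $cookies->contains($name)
                ? $cookies->itemAt($name)->value
                : null;

            $reason = null;
            if (empty($posted)) {
                // The form was rendered without the hidden token field.
                $reason = 'hidden form field missing from POST';
            } elseif ($cookie === null) {
                // The browser did not send the cookie, or Yii discarded it.
                $reason = 'CSRF cookie missing on this request';
            } elseif ($cookie !== $posted) {
                $reason = 'cookie and form field differ';
            }
            if ($reason !== null) {
                Yii::log('CSRF check will fail: ' . $reason,
                    CLogger::LEVEL_WARNING, 'csrf');
            }
        }
        parent::validateCsrfToken($event);
    }
}
```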