Cookievalidationkey Must Be Configured With A Secret Key


i have updated yii2 today via composer and now this error is comming:

yii\web\Request::cookieValidationKey must be configured with a secret key.

can some one help ?


if ($this->cookieValidationKey == '') {

    throw new InvalidConfigException(get_class($this) . '::cookieValidationKey must be configured with a secret key.');


so …



'components' => [

    'request' => [

        'enableCookieValidation' => true,

        'enableCsrfValidation' => true,

        'cookieValidationKey' => 'xxxxxxx',



thank you :D

getting this issue in the api, does it need cookie validation?

ok just needed to turn it off in the api config.

'request' => [

    'enableCookieValidation' => false,

    'enableCsrfValidation' => false,


It started to happen to me after an framework update. The above are the workarounds that I understand shouldn’t be needed in a default app. Can anybody enlighten me?


Was announced by Qiang on facebook group!

Missed that, I’m not much of a FB fan… :)

Yah I just wanna chime in that I am not, and never have been, nor ever will be, a Facebook user. Im sure im not the only one!

which is the best workarround? disabling?

Nope, generate something random and dump it there. May be SHA2 of your name?

Thank you.