Hi, I am currently facing a weird issue with the CSRF token, and can’t find the cause.
On the post, I see a correct token, but the cookie value is something like:
'YII_CSRF_TOKEN' => 'c738198d3b6ebe873b0b55b01d3059affc98cc94s:40:\"5f99522748b2fc1704a73a335f0df9645a97c0c7\";'
I’m on v1.1
Any clue? idea??
Thanks in advance!!
In the cookie it is signed and serialized so it doesn’t match 1:1. Do you have any issue with it as a user?
Hi Alexander, thanks for your reply.
I am not 100% sure what you meant, but the problem I am having is:
On the POST request, I see the token is correct:
But the value on the cookie sometimes looks something like:
So it looks like the getCsrfToken() is failing and I’m concatenating a 2nd token to the original one.
Since the feature is not fully working yet, I am not throwing the exception to users (‘The CSRF token could not be verified.’), and instead of that I am logging these situations to control internally…
Hope it is more clear now, and thanks for helping!!
I have been dealing with this issue for a couple of weeks without success.
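Added example (not part of the original thread and not Yii's own code): a diagnostic sketch that takes a logged cookie value apart along the lines of the reply above, "signed and serialized", and compares the embedded token with the POST token. It assumes the layout seen in the posted value, a 40-hex-character SHA-1 HMAC prefix followed by one PHP-serialized string; the function name `inspectCsrfCookie`, the optional key parameter and the POST token used in the call are hypothetical or constructed.

```php
<?php
// Added diagnostic sketch; inspectCsrfCookie() is a hypothetical helper, not a Yii API.
const HMAC_HEX_LEN = 40; // assumption: SHA-1 HMAC prefix, 40 hex characters

function inspectCsrfCookie(string $raw, string $postToken, ?string $key = null): array
{
    // Undo the \" escaping introduced by the log dump, if present.
    $raw = str_replace('\\"', '"', $raw);

    $mac  = (string)substr($raw, 0, HMAC_HEX_LEN);
    $data = (string)substr($raw, HMAC_HEX_LEN);
    $result = ['mac' => $mac, 'token' => null, 'wellFormed' => false,
               'macValid' => null, 'matchesPost' => false];

    if (strlen($mac) !== HMAC_HEX_LEN || !ctype_xdigit($mac)) {
        return $result; // no signature prefix: not a signed cookie value
    }

    // Strict parse of exactly one serialized string: s:<len>:"<bytes>";
    // This avoids unserialize() on untrusted input and rejects any trailing
    // data, such as a second value appended after the first.
    if (preg_match('/^s:(\d+):"(.*)";$/s', $data, $m) && strlen($m[2]) === (int)$m[1]) {
        $result['wellFormed']  = true;
        $result['token']       = $m[2];
        $result['matchesPost'] = hash_equals($m[2], $postToken);
    }

    // Optional: recompute the signature when the application's validation key is known.
    if ($key !== null) {
        $result['macValid'] = hash_equals(hash_hmac('sha1', $data, $key), $mac);
    }
    return $result;
}

// Cookie value as posted in the thread; the POST token below is constructed
// for the example by reusing the token embedded in that value.
$logged = 'c738198d3b6ebe873b0b55b01d3059affc98cc94s:40:\"5f99522748b2fc1704a73a335f0df9645a97c0c7\";';
$report = inspectCsrfCookie($logged, '5f99522748b2fc1704a73a335f0df9645a97c0c7');
var_dump($report['wellFormed'], $report['token'], $report['matchesPost']);
```

Logging the `wellFormed` and `matchesPost` flags next to each failed request separates a cookie that is merely in its signed form from one whose payload really differs from the submitted token.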