I using Yii2 and enableCsrfValidation = true for form validate. But when i copy csrf token value(A) in form and refresh browser and edit csrf value (B) and paste last token (A) to html code. I still submit OK.
I have tried to switch to session and cookies are the same.
How to fix it, one request /one token?