https://segmentfault.com/q/1010000004450797
需要注意的是如果有做前后台分离的,需要把前后台配置的request组件的cookieValidationKey值设置成一致,如果不一致,刷新一方,另一方的csrf_token就会失效
$config = [
'components' => [
'request' => [
'cookieValidationKey' => 'xxxx',//你的key
],
],
];