First of all, You must change component config to enable the default Yii CSRF validation.
First of all, You must change component config to enable the default Yii CSRF validation.
Getting "Expired token" errors ? Here is a solution to avoid invalid CSRF on POST or ajax requests, or user identity changes.