Yii2 Bad request from CSRF if page is inactive
(I am assuming there is no other request to your server from another browser window / tab, because that might change the CSRF as well)
The current CSRF is either stored in its own cookie or in the session. So basically it will expire if it has expired.
Basically, if you used Request::enableCsrfCookie
(which is the default), be sure to update the options Request::csrfCookie
that will expire later (you can add for that 'expire'
). The main value for this should be "session" (until the browser window is closed).
If you don't use this and the CSRF is stored in the session, you will have to activate the session TTL.
source to share