Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Vokuro CSRF validation failed after move from Windows to Centos


i moved my system to another server. But now i get always CSRF validation failed, when i want to login or register. All caches are cleared before.

I am using phalcon 3.0, PHP 5.6.24 and Centos 7. I must say that my local machine is on a windows xampp system with a different PHP Version (7.0.9).

Rgds Stefan

edited Aug '16

check network tab, make sure there are not requests between form display and form submit. Like "favicon" request and stuff

Also make sure session service is registred and working


Hi Izo,

thx for your answer and please more help :-)

Ok now i have the problem, where i have to insert this code.

In Vokuro the forms will generate in 1 initialize() function and here is the CSRF implementaion:

namespace Vokuro\Forms;

use Phalcon\Forms\Form;
use Phalcon\Forms\Element\Text;
use Phalcon\Forms\Element\Password;
use Phalcon\Forms\Element\Submit;
use Phalcon\Forms\Element\Check;
use Phalcon\Forms\Element\Hidden;
use Phalcon\Validation\Validator\PresenceOf;
use Phalcon\Validation\Validator\Email;
use Phalcon\Validation\Validator\Identical;

 class LoginForm extends Form

public function initialize()
    // Email
    $email = new Text('email', [
        'placeholder' => 'Email'

        new PresenceOf([
            'message' => 'The e-mail is required'
        new Email([
            'message' => 'The e-mail is not valid'


    // Password
    $password = new Password('password', [
        'placeholder' => 'Password'

    $password->addValidator(new PresenceOf([
        'message' => 'The password is required'



    // Remember
    $remember = new Check('remember', [
        'value' => 'yes'

    $remember->setLabel('Remember me');


    // CSRF
    $csrf = new Hidden('csrf');

    $csrf->addValidator(new Identical([
        'value' => $this->security->getSessionToken(),
        'message' => 'CSRF validation failed'



    $this->add(new Submit('go', [
        'class' => 'btn btn-success'

Now i have also to implement this workaround. Please can you give me a short trick to do that.




Hi Stefan,

i dont know what does this do


perhaps it has to be

    $csrf = new Hidden('csrf');

    $tokenVal = $this->security->getSessionToken();

    $csrf->addValidator(new Identical([
        'value' => $tokenVal,
        'message' => 'CSRF validation failed'



let me know if changes anythign for you


btw i do it following this example here

with writing my input in the view directly. And after that i check if myself in the action.


No sorry, this is not working, but i will try the action variant


Hi Izo,

got it!!! I have changed the /session permission recursive in /usr/lib/php/.

The solution from Thien works for me:

Thx again Stefan