I am using Yii 2.0.12 and php 7.1. The problem is when I added SSL certificate to my websites, it starts an error when I validate forms with POST actions second time. Error is Unable to verify your data submission.
What I mean: I go for example to contact page and make POST action first time. Everything is ok. When I do it second and all next times, it raises an error. But, if I add random param every time to page like site.com/contacts?test=1, everything works good.
The problem is in session verify (csrf perhaps) I guess.
I cleaned my .htaccess from cache files:
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine on
# SSL redirect
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ frontend/web/$1 [L]
</IfModule>
# Deny accessing below extensions
<Files ~ "(.lock|.git)">
Order allow,deny
Deny from all
</Files>
# Deny accessing dot files
RewriteRule (^\.|/\.) - [F]
and
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
also I removed session in common.php:
// 'session' => [
// 'class' => 'yii\web\DbSession',
// 'db' => 'db',
// 'sessionTable' => 'session',
// ],
also I removed httpCache from behaviors().
On the other hand, on localhost I don't have this problems. Only after SSL added. My web hosting includes php modules:
ctype, curl, dom, fileinfo, filter, ftp, gd, hash, iconv, imagick, intl, json, mbstring, mcrypt, mysqli, opcache, openssl, pdo, pdo_mysql, session, simplexml, soap, sockets, timezonedb, tokenizer, xml, xmlreader, xmlwriter, xsl, zip
Apache:
autoindex_module, cgi_module, expires_module, headers_module, php_module, rewrite_module,
What can be wrong?