That means that you’ve got a post form that’s submitting an invalid CSRF token. See https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware for more information.
If you would like any more help, you’re going to have to give us way more information that just a small snippet of a screenshot.
It was ok before upgrade to 3.6.
I replaced bin and config dir
Error appear when i login. I use cakedc users plugin
Have you followed the full 3.6 migration guide?
I see you are still using the old CsrfComponent, you need to use the new middleware in 3.6
Based on that, I assume that you’ve used the default one, which automatically loads the middleware CSRF protector. This would clash with the component, and could quite easily cause the issue you are seeing.
OK should i remove components from Appcontroller
You should remove loadComponent(‘Csrf’). It’s deprecated.
However, it’s not the cause of your problem.
You should upgrade your CakeDC/Users plugin to the newest version to be compatible with CakePHP 3.6.
Remember to change your configuration files of CakeDC/Users (permission and users) after upgrading. Use the sample files to make changes.
It took me a few days to fix all errors when migrating to CakePHP 3.6. The CSRF error is the most annoying thing to me. I had to search, try-and-fail a lot of times. Most of the time, it happens when calling AJAX.
If you have any trouble, I can help you.
Thanks for your reply.
Yes. I removed Csrf component and upgraded Debug kit and Users plugin now it works good.
I am building rest API. I configured CORS on middleware and it work good.
Can you help me, ???
I didn’t know how to upgrade and remove the loadcomponent