I have a very strange problem. I have a login form in Yii which works fine. After moving the website to another server I get

Error 400 The CSRF token could not be verified

I don't understand why it is working on the development server but not on the new server. Here is my code:

<div class="form">

<?php $form=$this->beginWidget('CActiveForm', array(
    'id'=>'login-form',
    'enableClientValidation'=>true,
    'clientOptions'=>array(
       'validateOnSubmit'=>true,
    ),
)); ?>


<div class="row">
    <?php echo $form->labelEx($model,'username'); ?>
    <?php echo $form->textField($model,'username'); ?>
    <?php echo $form->error($model,'username'); ?>
</div>

<div class="row">
    <?php echo $form->labelEx($model,'password'); ?>
    <?php echo $form->passwordField($model,'password'); ?>
    <?php echo $form->error($model,'password'); ?>
</div>

<div class="row buttons">
    <?php echo CHtml::submitButton('Submit'); ?>
</div>

<?php $this->endWidget(); ?>

</div><!-- form -->

And here is the CSRF configuration in my config file:

'enableCsrfValidation' => !isset($_POST['dontvalidate']) ? true : false,

If you need to see the example, here is the one which is working, and here is the one with the problem.

Solution

I opened the first example and found this HTML in the source. This is correct.

<input type="hidden" value="df5a0fc9ab86f85cdcdabe6b2ee62e85d3ac0323" 
      name="YII_CSRF_TOKEN" />

On the second example page, I haven't found any HTML code like the above. That means enableCsrfValidation is set to false in the second example.

Try debugging $_POST['dontvalidate'] in this page (or in config/main.php).
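
The check described in the answer, automated as an added example (not code from the question or the answer): it parses rendered HTML and lists the POST forms that have no hidden YII_CSRF_TOKEN field. The function name and the sample markup are constructed for illustration; only the field name comes from the page.

```php
<?php
// Added example: list POST forms whose rendered HTML lacks the hidden CSRF field.
// 'YII_CSRF_TOKEN' is the field name quoted in the answer; everything else is illustrative.

function formsMissingCsrfToken(string $html, string $tokenName = 'YII_CSRF_TOKEN'): array
{
    $doc = new DOMDocument();
    // Real pages are rarely valid HTML; buffer parser warnings instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    $missing = array();
    $position = 0;
    foreach ($xpath->query('//form') as $form) {
        $position++;
        // Only POST forms are expected to carry the token.
        if (strtolower($form->getAttribute('method')) !== 'post') {
            continue;
        }
        $found = false;
        // The field may be nested in a wrapper element, so search all descendants.
        foreach ($xpath->query('.//input', $form) as $input) {
            if (strtolower($input->getAttribute('type')) === 'hidden'
                && $input->getAttribute('name') === $tokenName
                && $input->getAttribute('value') !== '') {
                $found = true;
                break;
            }
        }
        if (!$found) {
            $id = $form->getAttribute('id');
            $missing[] = $id !== '' ? $id : 'form #' . $position;
        }
    }
    return $missing;
}

// Constructed markup standing in for the working page and the failing page.
$working = '<form id="login-form" action="/site/login" method="post">'
    . '<div style="display:none"><input type="hidden" value="0123456789abcdef" name="YII_CSRF_TOKEN" /></div>'
    . '<input name="LoginForm[username]" type="text" /></form>';
$failing = '<form id="login-form" action="/site/login" method="post">'
    . '<input name="LoginForm[username]" type="text" /></form>';

print_r(formsMissingCsrfToken($working));
print_r(formsMissingCsrfToken($failing));
```

Feeding it the HTML each server actually returns for the login page shows whether the field is dropped at render time or lost later in the request.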

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow