web\Request $enableCsrfCookie

Whether to use cookie to persist CSRF token. If false, CSRF token will be stored in session under the name of $csrfParam. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page, which will degrade your site performance.