Untitled

$(document).on('change', '#tblhotel-int_zone_id', function(e){
    var zoneId = $(this).val();
    var form_data = {
        zone: zoneId
    };
    $.ajax({
        url: "state",
        type: "POST",
        data: form_data,
        success: function(response)
        {
            alert(response);
        }
    });
});

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

var form_data = {
    zone: zoneId,
    _csrf: yii.getCsrfToken()
};

<script>
    $.ajaxSetup({
        data: <?= yiihelpersJson::encode([
            yii::$app->request->csrfParam => yii::$app->request->csrfToken,
        ]) ?>
    });
</script>

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
    url: 'request',
    type: 'post',
    dataType: 'json',
    data: {param1: param1, _csrf : csrfToken},
});

public function beforeAction($action) {
    if($action->id == "action name need to disable")
        $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

'components' => [
    'request'=>[
        'csrfParam'=>"othername"
    ],
    ...

'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/admin/'],
    ],
],

'components' => [
    'request' => [
        'cookieValidationKey' => 'unique code',
        'csrfCookie' => ['httpOnly' => true, 'path' => '/'],
    ],
],

var form_data = {
    zone: zoneId
};
form_data[yii.getCsrfParam()]=yii.getCsrfToken();