How can we increase CSRF timeout in Phalcon?

CSRF timeout is increased by increasing the token time, because tokens by default use sessions.

In Phalcon, CSRF (Cross-Site Request Forgery) protection timeout can be adjusted by modifying the session expiration time since CSRF tokens are typically managed through sessions. You can increase the CSRF timeout by adjusting the session configuration in Phalcon’s configuration files.

Here’s how you can achieve this:

  1. Identify Session Configuration: First, locate the session configuration file in your Phalcon project. It’s typically located in the config directory and named something like config.php or services.php.
  2. Adjust Session Timeout: Look for the session configuration parameters related to the session timeout or expiration time. These parameters might include lifetime, cookie_lifetime, or similar. The exact parameter names might vary depending on how your application is set up.
  3. Increase Timeout Value: Increase the value of the session timeout parameter to the desired duration. This duration represents the time after which the session expires, and consequently, CSRF tokens become invalid.
  4. Save Configuration Changes: After making the necessary adjustments, save the changes to the configuration file.
  5. Test: Finally, test your application to ensure that the CSRF timeout has been increased as expected. You can do this by monitoring the expiration time of CSRF tokens and verifying that they remain valid for the extended duration.

Remember that adjusting the session timeout affects the overall session management in your application, so make sure to consider any potential implications on user experience and security. Additionally, always follow best practices for CSRF protection and session management to maintain the security of your Phalcon application.
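The procedure above in working code, as an added example that is not part of the original answer: a Phalcon 4-style DI setup where the session cookie lifetime and PHP's server-side garbage-collection lifetime are raised together, followed by the token check a form action would run. The `Phalcon\Security` class name, the 2-hour lifetime and the save path are assumptions (in Phalcon 5 the class is `Phalcon\Encryption\Security`).

```php
<?php
// Added example (not from the original post). Assumes Phalcon 4 class names;
// the lifetime and the session save path are illustrative values.
use Phalcon\Di\FactoryDefault;
use Phalcon\Session\Manager;
use Phalcon\Session\Adapter\Stream;
use Phalcon\Storage\SerializerFactory;
use Phalcon\Security;

$csrfLifetimeSeconds = 2 * 3600; // desired CSRF token validity: 2 hours (assumed)
$di = new FactoryDefault();

$di->setShared('session', function () use ($csrfLifetimeSeconds) {
    // Both settings must agree: the cookie lifetime tells the browser how long
    // to keep the session id, gc_maxlifetime tells the server how long the
    // stored session (and the CSRF token inside it) may live. Raising only the
    // cookie lets the server-side data be garbage-collected early, so the
    // token silently stops validating before the "extended" timeout.
    ini_set('session.gc_maxlifetime', (string) $csrfLifetimeSeconds);
    session_set_cookie_params([
        'lifetime' => $csrfLifetimeSeconds,
        'path'     => '/',
        'secure'   => true,   // only send over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // browser-side CSRF defence independent of the token
    ]);
    $session = new Manager();
    $files = new Stream(new SerializerFactory(), [
        'savePath' => '/tmp/phalcon-sessions', // assumed writable directory
    ]);
    $session->setAdapter($files)->start();
    return $session;
});

$di->setShared('security', function () use ($di) {
    $security = new Security();
    $security->setDI($di); // lets checkToken() reach the session and request services
    return $security;
});

// In a form view: $this->security->getTokenKey() and getToken() emit the hidden
// field. In the handling action, reject the request when the posted token is
// missing, mismatched, or the session holding it has already expired.
$security = $di->getShared('security');
if (!$security->checkToken()) {
    http_response_code(403);
    exit('Invalid or expired CSRF token');
}
```

To verify step 5, submit a form after the old timeout but before the new one has elapsed; the check passes only if both lifetimes were raised.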