diff --git a/src/Controller/Component/CsrfComponent.php b/src/Controller/Component/CsrfComponent.php
index e09c8a91805..030883747f7 100644
--- a/src/Controller/Component/CsrfComponent.php
+++ b/src/Controller/Component/CsrfComponent.php
@@ -61,6 +61,19 @@ class CsrfComponent extends Component
 'field' => '_csrfToken',
 ];
 
+ /**
+ * Warn if CsrfComponent is used together with CsrfProtectionMiddleware
+ *
+ * @param array $config The config data.
+ * @return void
+ */
+ public function initialize(array $config)
+ {
+ if ($this->getController()->request->getParam('_csrfToken') !== false) {
+ triggerWarning('CSRF token already defined. Disable CsrfComponent if you use CsrfProtectionMiddleware.');
+ }
+ }
+
 /**
 * Startup callback.
 *
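Review bot: The guard in `initialize()` relies on `getParam('_csrfToken')` returning `false` when the parameter is absent, so the sentinel is implicit; if that default ever differs (for example `null`), the warning would fire on every request. Passing the default explicitly, `->getParam('_csrfToken', false) !== false`, would pin the comparison, assuming `getParam()` accepts a default as its second argument. The component also only warns and, as far as this hunk shows, then carries on to its startup callback, so with warnings suppressed in production both CSRF layers would stay active unnoticed; the docblock could say so, e.g. `Only warns; the component still performs its own token handling afterwards.`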