I’m trying to use cbcsrf (within cbsecurity). Our stack is Lucee 5 round-robin clustered with shared sessions and objects caches.
When using csrf functions if the verify() action is performed with other server than served the form it always returns false.
I’m a little lost with the cache that I need to configure in each step:
cbcsrf → cbstorage → cachebox → lucee cache?
The lucee cache part is working with sessions (a external memcached server). But how can I use it in cbcsrf?
Thanks and happy intothebox conference