I’m trying to use cbcsrf (within cbsecurity). Our stack is Lucee 5 round-robin clustered with shared sessions and objects caches.
When using csrf functions if the verify() action is performed with other server than served the form it always returns false.
I’m a little lost with the cache that I need to configure in each step:
cbcsrf → cbstorage → cachebox → lucee cache?
The lucee cache part is working with sessions (a external memcached server). But how can I use it in cbcsrf?
Thanks and happy intothebox conference 
1 Like
No problem. To do this distribution you have to do it be levels
-
Lucee cache.
Create the Lucee cache that is distributed. Configure it and give it a name. Let’s say it’s called “cluster”
-
CacheBox Cache
Configure a Lucee cache in cachebox that points to the “cluster” cache. Call it cluster too.
-
Cbstorages.
Cbcsrf uses the cache storage in cbstorages. So just configure it to point to the cluster cache.
1 Like
Thanks Luis!
As always your response give the correct path to the solution. We have a mistake in the cachebox config.
Just for information for others:
config/CacheBox.cfc configure() method:
cacheBox = {
caches = {
cluster = {
provider = "coldbox.system.cache.providers.LuceeProvider",
cacheName = "cluster"
}
}
}
config/Coldbox.cfc moduleSettings:
cbstorages = {
cacheStorage = {
cacheName: "cluster",
timeout: 30,
identifierProvider: ""
}
}