CBCSRF within a cluster lucee

I’m trying to use cbcsrf (within cbsecurity). Our stack is Lucee 5 round-robin clustered with shared sessions and objects caches.

When using csrf functions if the verify() action is performed with other server than served the form it always returns false.

I’m a little lost with the cache that I need to configure in each step:

cbcsrf → cbstorage → cachebox → lucee cache?

The lucee cache part is working with sessions (a external memcached server). But how can I use it in cbcsrf?

Thanks and happy intothebox conference :slight_smile:

1 Like

No problem. To do this distribution you have to do it be levels

  1. Lucee cache.
    Create the Lucee cache that is distributed. Configure it and give it a name. Let’s say it’s called “cluster”

  2. CacheBox Cache
    Configure a Lucee cache in cachebox that points to the “cluster” cache. Call it cluster too.

  3. Cbstorages.
    Cbcsrf uses the cache storage in cbstorages. So just configure it to point to the cluster cache.

1 Like

Thanks Luis!

As always your response give the correct path to the solution. We have a mistake in the cachebox config.

Just for information for others:

config/CacheBox.cfc configure() method:

    cacheBox = {
        caches = {
            cluster = {
              provider = "coldbox.system.cache.providers.LuceeProvider",
              cacheName = "cluster"

config/Coldbox.cfc moduleSettings:

  cbstorages = {
        cacheStorage = {
          cacheName:  "cluster",
          timeout: 30,
          identifierProvider: ""