CBCSRF within a cluster lucee

I’m trying to use cbcsrf (within cbsecurity). Our stack is Lucee 5 round-robin clustered with shared sessions and objects caches.

When using csrf functions if the verify() action is performed with other server than served the form it always returns false.

I’m a little lost with the cache that I need to configure in each step:

cbcsrf → cbstorage → cachebox → lucee cache?

The lucee cache part is working with sessions (a external memcached server). But how can I use it in cbcsrf?

Thanks and happy intothebox conference :slight_smile: