I have inherited a Symfony2 project which in the live environment runs in over 2 load-balanced servers. The session is stored in the MySQL database that the application uses for this reason.
The issue I am having is that on forms that have CSRF protection sometimes the token is coming back not valid. I am guessing this is because the server that generated the token isn't always the server that gets the form POST and can't match the token being sent.
I am very, very new to Symfony and have tried a few different solutions to generate the token using the session and SessionCsrfProvider from the Symfony framework.
Can anyone point me in the right direction, or has anyone had a similar problem?
The CsrfProviders will generate tokens by concatenating secret key (from parameters.ini) + intention (defaults to null) + the session id.
By default, Symfony is configured to use the SessionCsrfProvider, which uses the session storage id.
If you are using the PDOSessionStorage or NativeSessionStorage object, it will return the session_id().
It could mean your session_id() is not the same depending on what machine handles the request.
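A simplified model of the token scheme described in the answer above, added here as an illustration (it is not Symfony's own code and not part of the original answer). It shows which inputs must match on both servers for a token issued by one to validate on the other; the function names, the `form` intention, the sample secrets and session ids are all constructed, and `sha1` is an assumption standing in for the provider's hashing step.

```php
<?php
// Added illustration; a simplified model, not Symfony's own provider code.

/** Token as the answer describes it: secret + intention + session id, hashed. */
function csrf_token(string $secret, string $intention, string $sessionId): string
{
    // sha1 is an assumption standing in for the provider's hashing step.
    return sha1($secret . $intention . $sessionId);
}

/** Validation on the node that receives the POST: recompute and compare. */
function csrf_valid(string $submitted, string $secret, string $intention, string $sessionId): bool
{
    // Constant-time comparison of the recomputed token with the submitted one.
    return hash_equals(csrf_token($secret, $intention, $sessionId), $submitted);
}

// Constructed sample values: node A renders the form.
$nodeA = ['secret' => 'constructed-secret-1', 'session_id' => 'sess-abc123'];

// Constructed views of node B, which handles the POST.
$cases = [
    'same secret, same session id'      => ['secret' => 'constructed-secret-1', 'session_id' => 'sess-abc123'],
    'same secret, different session id' => ['secret' => 'constructed-secret-1', 'session_id' => 'sess-zzz999'],
    'different secret, same session id' => ['secret' => 'constructed-secret-2', 'session_id' => 'sess-abc123'],
];

$token = csrf_token($nodeA['secret'], 'form', $nodeA['session_id']);

foreach ($cases as $label => $nodeB) {
    $ok = csrf_valid($token, $nodeB['secret'], 'form', $nodeB['session_id']);
    printf("%-36s => %s\n", $label, $ok ? 'token accepted' : 'token rejected');
}
```

When tokens fail intermittently behind a load balancer, the values to compare across servers are the ones fed into this function: the session id each server sees for the same browser and the secret each server is configured with.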