I have a question regarding CSRF-validation and load balancing:
I’m using a load balancer between two servers, and I have the sessions in db. This works fine and sessions are handled correctly.
The problem I have is that when the CSRF-validation is set to true in the main-config, the CSRF-token is not verified when the load balancer switches between the servers.
Does anyone have any solution for this? Should I save the CSRF-token on the file server or in db? The CSRF-cookie doesn’t work at all here.
We are using shared sessions via db, but the CSRF-token is in a cookie, and it is always created when a form is created. So, when the server switches, the CSRF-token value is changed, which means that the CSRF-token is not validated. I don’t really know what to do here, as it would be essential to have the CSRF-validation on.
It would be nice to be able to configure the CSRF-validation to skip validation from predefined servers.
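One way the symptom described above can arise, modelled as an added example (not code from this thread or from Yii): it assumes the CSRF cookie is HMAC-signed and that each server ended up with its own signing key. The function names and keys are hypothetical.

```php
<?php
// Added example: constructed model of two load-balanced nodes, not Yii code.
// Assumption: each node signs the CSRF cookie with an HMAC key it holds locally.

// Create a cookie value: 64 hex chars of HMAC-SHA256 followed by the random token.
function issueCsrfCookie(string $key): string
{
    $token = bin2hex(random_bytes(16));
    return hash_hmac('sha256', $token, $key) . $token;
}

// Return the token if the cookie's MAC verifies under $key, otherwise null.
function readCsrfCookie(string $cookie, string $key): ?string
{
    if (strlen($cookie) <= 64) {
        return null;                              // too short to hold MAC + token
    }
    $mac   = substr($cookie, 0, 64);
    $token = substr($cookie, 64);
    // Constant-time comparison of the expected and presented MAC.
    return hash_equals(hash_hmac('sha256', $token, $key), $mac) ? $token : null;
}

// One request cycle: node A renders the form, node B receives the POST.
function submitAcrossNodes(string $keyA, string $keyB): bool
{
    $cookie    = issueCsrfCookie($keyA);             // set by node A with the form
    $formToken = readCsrfCookie($cookie, $keyA);     // hidden field rendered by A

    $cookieToken = readCsrfCookie($cookie, $keyB);   // node B checks the cookie
    if ($cookieToken === null || $formToken === null) {
        // B cannot trust the cookie, so it has nothing to compare the
        // posted token against and the request is rejected.
        return false;
    }
    return hash_equals($cookieToken, $formToken);
}

$perNodeA = random_bytes(32);   // constructed: key generated locally on server A
$perNodeB = random_bytes(32);   // constructed: key generated locally on server B
$shared   = random_bytes(32);   // constructed: one key deployed to both servers

var_dump(submitAcrossNodes($perNodeA, $perNodeB));   // different key per server
var_dump(submitAcrossNodes($shared, $shared));       // same key on both servers
```

In this model the token itself never needs to be stored in the db or on a file server; the servers only have to agree on the key used to sign the cookie.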
Sorry to resurrect this topic, but I’m facing the same problem. Has anyone found a workable solution? Preferably involving replicating the CSRF token via db or something similar?
I want to deploy my Yii application on two web servers. I just got an idea: resolve load balancing through the links. That is, I will configure two web servers: