Persist csrf-tokens and share them between servers?

[cjnqt]

Please let me know if I have understood this correctly:

• Crumb generates csrf-tokens and persist them as a cookie on the browser and in-memory on the server.
• Crumb doesn't persist tokens to db/cache/elsewhere by default, so it is intended for single-server use. If we'd like to divide web traffic between multiple servers, we need to persist the tokens somewhere so they're available to all servers.

[mtharrison]

I don't think it persists on the server at all. It just checks if the incoming token (from payload) is the same as the cookie value, so you can use it in multi-server scenarios.

[cjnqt]

Ah, I see. Thanx!

[lock[bot]]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.