We are trying to use the CSRFverifyToken() method to validate our token form variable and with SessionCluster turned on it always comes back as false.
Windows 10 64 bit install
Debugging Information
Lucee (Neo) Os FINAL 4.5.3.009 (CFML Version 10,0,0,0)
Template /wwwroot/index.cfm (C:\workspace\wwwroot\index.cfm)
Time Stamp Mar 17, 2016 6:22 AM
Time Zone America/Chicago
Locale English (us)
User Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Remote IP 127.0.0.1
Host Name promotion.dev.local
Architecture 64bit
please give this change a try
,
I've checked this fix. It works fine and returns true with all conditions ( forcenew = true or false and sessioncluster = true or false ) for sessionstorage as datasource or memory.
But its return false if sessionstorage as ( cookie or file or cache name ) with both forceNew
and sessionCluster is True. If, any false means, it returns true.
, I've checked this ticket with lucee version 5.3.8.129-SNAPSHOT. It returns true for all conditions ( forcenew = true or false and sessioncluster = true or false). But it returns false for sessionstroage as (cookie,file) with sessioncluster=true.