We're using Plone 4.3 with plone.protect on a cluster with some application servers.
Is the generated CSRF token passed from a form back to the backend specific to a particular application server or valid on all application servers?
I've seen multiple errors like this:
Unexpected error whilst trying to apply transform chain
Traceback (most recent call last):
  File "/home/plone/zchl_buildout/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/transformer.py", line 49, in __call__
    newResult = handler.transformIterable(result, encoding)
  File "/home/plone/zchl_buildout/eggs/plone.protect-3.0.14-py2.7.egg/plone/protect/auto.py", line 152, in transformIterable
    if not self.check():
  File "/home/plone/zchl_buildout/eggs/plone.protect-3.0.14-py2.7.egg/plone/protect/auto.py", line 171, in check
    return self._check()
  File "/home/plone/zchl_buildout/eggs/plone.protect-3.0.14-py2.7.egg/plone/protect/auto.py", line 195, in _check
    check(self.request, manager=self.key_manager)
  File "/home/plone/zchl_buildout/eggs/plone.protect-3.0.14-py2.7.egg/plone/protect/authenticator.py", line 113, in check
    raise Forbidden('Form authenticator is invalid.')
Forbidden: Form authenticator is invalid.
Andreas