2

We have an Nginx load balancer with SSL termination. Behind it are two web servers running nginx/Laravel 5.1, and both share sessions on Redis. When the load balancing is set to session affinity mode, where the user goes back to the same server, sessions work fine. If we use round robin, we face CSRF "Illuminate \ Session \ TokenMismatchException" and the user does not get a valid session. How can I get sessions working in round robin?

Here are the proxy settings on nginx.

    proxy_set_header 'Access-Control-Allow-Origin' '*';
    proxy_set_header 'Access-Control-Allow-Credentials' 'true';
    proxy_set_header 'Access-Control-Allow-Headers' 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept';
    proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';

On the login blade we have

    <div class="signin_form_modal">
        <div class="signin_form">
            <form id="signin_form">
                <div class="modal_header">
                    <a href="#" class="modal_back inline" title="close">+</a>
                    <h1 class="modal_title">Sign in</h1>
                </div>
                <div class="modal_input_group">
                    {!! csrf_field() !!}
                    <input type="text" name="email" placeholder="Username or Email" class="email modal-input">
                    <input type="password" name="password" placeholder="Password" class="password modal-input">
                </div>
                <div class="modal_footer">
                    <!--<a href="#"><i class="fa fa-check"></i> Done</a>-->
                    <button class="submit" type="submit"><i class="fa fa-check"></i> Done</button>
                </div>
            </form>
        </div>
    </div>

The route is defined as

    Route::post('/signin', 'Auth\AuthController@signin');

tven

1 Answer

2

Sessions are stored on the local server for some providers. If the user changes server due to load balancing, the whole session is lost.

The only solution is to use a session provider that is shared across servers.

Atrakeur
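
A minimal model of the behaviour the answer describes, as an added example that is not part of the original post: two backends behind a balancer, each checking the submitted CSRF token against the token in its session store. The class and function names are hypothetical, and the in-memory dicts stand in for the session driver (per-server storage versus one shared store).

```python
import secrets
from itertools import cycle


class Backend:
    """One web server; `store` maps session id -> session data (stand-in for the session driver)."""

    def __init__(self, store):
        self.store = store

    def get_form(self, sid):
        # Like csrf_field(): start a session if this server's store has none, return its token.
        if sid not in self.store:
            sid = secrets.token_hex(8)
            self.store[sid] = {"_token": secrets.token_hex(16)}
        return sid, self.store[sid]["_token"]

    def post_form(self, sid, token):
        # Like the CSRF middleware: compare the submitted token with the session's token.
        session = self.store.get(sid)
        if session is None or not secrets.compare_digest(session["_token"], token):
            return "TokenMismatch"
        return "ok"


def scenario(shared_store, sticky):
    """GET the login form, then POST it, through a two-server balancer."""
    shared = {}
    # Either every backend points at the same store, or each gets its own.
    backends = [Backend(shared if shared_store else {}) for _ in range(2)]
    rr = cycle(range(2))
    pick = (lambda: 0) if sticky else (lambda: next(rr))  # affinity vs round robin
    sid, token = backends[pick()].get_form(None)
    return backends[pick()].post_form(sid, token)


if __name__ == "__main__":
    print("local store, affinity:    ", scenario(shared_store=False, sticky=True))
    print("local store, round robin: ", scenario(shared_store=False, sticky=False))
    print("shared store, round robin:", scenario(shared_store=True, sticky=False))
```
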