We're updating the issue view to help you get more done. 

force Lucee session cluster to be false

Description

When using a session cache such as memcached for Lucee sessions, setting `this.sessionCluster = true` causes issues with session rotation/invalidation and csrf token validation (data is not persisted to the session for some reason). On top of that, session cluster "true" means that the entire session is read over the wire on each request.

To avoid these problems, and fix misconfiguration retrospectively, Core will force `this.sessionCluster = false`.

If these bugs are later resolved in Lucee session caches then we can consider reversing this change.

Environment

None

Status

Assignee

Unassigned

Reporter

Justin Carter

Labels

None

Fix versions

Priority

Major