There is a Java backend hosted on Tomcat, the two different application(sessions) for the java backend are running a common database to replicate the session for the server and the load balancer is configured using HAProxy.
But there is this error: potential cross-site request forgery (CSRF) attack thwarted, method:POST, uri:/jw/web/console/app/test2/1/form/create, error:Request Token does not match the Master Token)
I have tried the following HAProxy cfg but still facing the same issue.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http_front
bind *:80
http-request set-header X-Forwarded-For %[src]
http-request set-header X-Forwareded-Proto https if {ssl_fc }
default_backend http_back
backend http_back
balance roundrobin
server webserver1 192.168.0.101:80 check
server webserver2 192.168.0.102:80 check