You can set a specific strategy for \oat\tao\model\security\xsrf\TokenService by changing its configuration in config/tao/security-xsrf-token.conf.php:
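<?php
return new oat\tao\model\security\xsrf\TokenService(array(
    // Token storage backend: key-value store on the 'redis' persistence
    'store' => new oat\tao\model\security\xsrf\TokenStoreKeyValue(
        [
            'persistence' => 'redis',
        ]
    ),
    // Number of tokens kept in the pool
    'poolSize' => 10,
    // Token lifetime, in seconds
    'timeLimit' => 360,
    // Whether submitted tokens are validated
    'validateTokens' => false
));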
If you are using \oat\tao\model\security\xsrf\TokenStoreKeyValue with Redis, remember to set up a CRON job that deletes tokens from time to time, so that your Redis storage does not keep growing.
Check ClearCsrfTokenTool for more details.