No, I haven't configured two session factories, one of them is
commented out, so that I can test either.
If I use LegacySessionCSRFStoragePolicy, get_csrf_token(request) and
request.session.get_csrf_token() do return the same value. A look at
the source code shows they are implemented in the same way.
BUT it I use CookieCSRFStoragePolicy, they no longer return the same
value. That was my point.
As I was using the second policy in my code, as per the Pyramid
tutorial, I was always getting CSRF errors in my Deform forms. I've
solved the problem by using:
@colander.deferred
def deferred_csrf_default(node, kw):
request = kw.get('request')
return get_csrf_token(request)
instead of:
@colander.deferred
def deferred_csrf_default(node, kw):
request = kw.get('request')
return request.session.get_csrf_token()
Laurent.