There's not enough here for me to guess why, but I wanted to note in Pyramid 1.9.x you can store the CSRF in a cookie (instead of in the session). It may be worth upgrading to use the new storage policy (and compare two cookies) before fixing this.
-- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/a0ed35da-c332-4108-a277-de668bd54e46%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.