Robin H.4
10 years ago | New member | Level 1
How do I set up the Dropbox API for use in a multiple-server environment / load balancing?
I am using the Dropbox PHP SDK WebAuth functions to allow my customers to authorize Dropbox to allow my site to list their items in Dropbox. The site just moved servers to Amazon ELB (Elastic Load Balancing). Now that I have multiple servers I am having issues getting Dropbox to work. I will get the CSRF mismatch error (request leaves from one server and returns on another).
I have moved the sessions to cookies (that's where I store the access token after the request) but I am having issues getting the authorize request working. Is there a way to make this work or do I need to build my Dropbox integration differently? I will post code if need be, but it pretty much follows the WebAuth example.
https://github.com/dropbox/dropbox-sdk-php/blob/master/lib/Dropbox/WebAuth.php
Thank you in advance,
Robin
9 Replies
- Greg-DB
Dropbox Staff
The following would be helpful so we can offer some insight:
- the steps to reproduce the issue
- the full text of the error/any output
- the relevant code snippet(s), including any changes you made to "move the session's to cookies"
- Robin H.4
New member | Level 1
Gregory, my code works on a single server (it's live in production now).
Where the code sets/reads the session data, I just replaced it with cookies, which will have no bearing on handling the authorization request. The exact error is the generic
"/dropbox-auth-finish: CSRF mismatch: expect ##########, got ########". This is because the request is leaving one server and returning on another. My logs show the request leaving and returning on different servers. I see no documentation on handling this workflow.
Have you built Dropbox to work with multiple servers before?
- Greg-DB
Dropbox Staff
I'm still not clear what change you made exactly regarding the cookies and sessions, but that certainly would be relevant here, as the error is indicating that the CSRF token didn't match what was expected, and the SDK stores the expected CSRF token in the session. You can see that here in the SDK where the exception is thrown:
We don't have any specific documentation on how to handle this in an environment like yours, and in any case I suspect it would be specific to the environment, so I recommend looking at how the code works, and updating your code and/or the SDK as necessary.
- Robin H.4
New member | Level 1
I only changed the auth_finish part that retrieves the access token. I didn't change any function within the SDK. So if I change the SDK functions to use cookies instead of sessions it might fix this problem. I appreciate the insight.
If I can get the PHP SDK to work in a load balancing environment, can I hand it off to Dropbox and have them maintain the code officially? As more and more people are moving to services with multiple servers, I think it would be helpful.
- Greg-DB
Dropbox Staff
If you have a patch for the SDK that you think will be useful to others, please feel free to submit a pull request on the dropbox-sdk-php project.
- Robin H.4
New member | Level 1
If I can get to building this I would add a setting that allows the user to either use sessions or cookies.
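One way to keep the expected CSRF token out of any single server's session, as discussed in the posts above: an HMAC-signed cookie that every node behind the load balancer can verify with the same shared key. This is an added example, not code from the thread or from the Dropbox SDK; the class name, cookie name, TTL and the `get`/`set`/`clear` method shape (assumed here to be what the SDK's WebAuth expects of its CSRF token store) are assumptions, and the cookie options array needs PHP 7.3+.

```php
<?php
// Added example (not Dropbox SDK code). Class name, cookie name and TTL are hypothetical.
final class SignedCookieCsrfStore
{
    private $key, $name, $ttl;

    public function __construct(string $key, string $name = 'dbx_csrf', int $ttl = 600)
    {
        if (strlen($key) < 32) {
            throw new InvalidArgumentException('HMAC key must be at least 32 bytes');
        }
        [$this->key, $this->name, $this->ttl] = [$key, $name, $ttl];
    }

    // Format: expiry.base64(token).hmac -- any server holding $key can verify it.
    public function seal(string $token, int $now): string
    {
        $body = ($now + $this->ttl) . '.' . base64_encode($token);
        return $body . '.' . hash_hmac('sha256', $body, $this->key);
    }

    // Returns the token, or null if the value is malformed, tampered with or expired.
    public function open($sealed, int $now): ?string
    {
        $parts = is_string($sealed) ? explode('.', $sealed) : [];
        if (count($parts) !== 3) {
            return null;
        }
        [$exp, $b64, $mac] = $parts;
        if (!hash_equals(hash_hmac('sha256', "$exp.$b64", $this->key), $mac)) {
            return null;
        }
        $token = base64_decode($b64, true);
        return (ctype_digit($exp) && (int) $exp >= $now && $token !== false) ? $token : null;
    }

    public function get() { return $this->open($_COOKIE[$this->name] ?? null, time()); }
    public function set($value)
    {
        setcookie($this->name, $this->seal((string) $value, time()), $this->opts(time() + $this->ttl));
    }
    public function clear() { setcookie($this->name, '', $this->opts(1)); }

    private function opts(int $expires): array
    {
        // SameSite=Lax: the cookie is still sent on the top-level redirect back from Dropbox.
        return ['expires' => $expires, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
    }
}
```

The key has to be the same random secret on every server in the pool and should come from deployment configuration, not from source control.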
- Thamaraiselvam
New member | Level 1
I got a similar issue.
I have hosted my Dropbox project on a server. When multiple people try to authorize using Dropbox auth at the same time, it creates a CSRF mismatch problem.
Example
A user comes to the site and clicks on auth; the CSRF token is set in the session and the user is redirected to the Dropbox page to authorize (https://www.dropbox.com/1/oauth2/authorize). At the same time another user clicks to auth; now the CSRF token has changed and that user is redirected to the Dropbox page to authorize. So when the first user comes back via the redirect URI, the CSRF MISMATCH problem occurs.
Is there a way to customize my app?
- Greg-DB
Dropbox Staff
Thamaraiselvam, different users shouldn't be affecting each other's sessions. It sounds like the session system for your app isn't set up correctly. That's a more general problem, and so a bit outside the scope of API support though, so I'm afraid I can't offer support for that. You should refer to the documentation for your web app platform for help configuring sessions properly.
- Thamaraiselvam
New member | Level 1
Gregory,
It's okay, I just modified some code in the SDK; now it is working fine.