Verify that the session is indeed being stored to Redis.
If the session lifetime is set to transient (0 = Expire-on-close) in your configuration, the keystore will be empty and no CSRF token may be matched.
If the data is present in Redis, verify the token being sent against the one that is expected using e.g. Firebug to inspect POST form data.