I've first posted my issue on a french forum, but i thought it'd also be a good idea to seek for help here.
I think i'll go straight to the point. I've deployed a beta on a server for a site i worked on locally in dev environment. I used Capifony and DoctrineMigrations. I'm using FOSUserBundle with a custom UserBundle inheriting FOSUB. Some fields are added to the User class, etc. Don't worry i didn't override the main views and there's no {{ form_rest(form) }} missing or anything like that.
Everything works locally, but as you can expect, on the server it's not the same. The app/logs/prod.log returns nothing, i tried to put a level: debug into Monolog config (app/config/config_prod.yml) but it'd changed nothing.
Part of app/config/config.yml regarding sessions :
session:
handler_id: session.handler.native_file
save_path: "%kernel.root_dir%/sessions/"
[TL;DR] There's no sessions files on the server about this site neither in app/sessions nor anywhere else. I assume the issue with CSRF token being invalid comes from the sessions issue.
No way there's a permission rights issue, app/sessions is chmoded 777 (same as app/logs and app/cache) with the right chown. The web/config.php returns no issue with the configuration. I don't know how to find the cause of this issue as it totally works locally and you can't debug on a prod environment if there's nothing in the log... Any idea ?
So, it was indeed an issue with permissions. The issue was related to Capifony. The shared_children are symlinks. And when you chmod a symlink, it doesn't chmod anything. So here for instance the shared/app/sessions directory was still in 755 which wasn't enough.
If you've a similar issue. Be sure the permissions for the shared_children in your Cap project directory / shared all well set.