OMERO.web/var/django_secret_key contains a secret key used to encrypt django sessions. The current upgrade process causes this to be regenerated, invalidating existing sessions. We should:

1. See whether sessions can be maintained across OMERO.web restarts. If they're not then there's no point in exploring this issue further.
2. If they are, then we should either copy OMERO.web/var/django_secret_key between upgrades, or if possible use an OMERO.web/Django configuration option to change the location of this file.

I've concluded this role is not the right place to do this:

• AFAICT it's an intentional OMERO.web design decision to make it easier to run by autogenerating a key, where as the standard Django recommendation is to explicitly set one https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SECRET_KEY
• This will not work with load-balancing or with shared-sessions

The way to fix this is to set omero.web.secret_key: https://docs.openmicroscopy.org/omero/5.4.3/sysadmins/config.html?highlight=omero%20web%20secret_key#omero-web-secret-key