Maintain OMERO.web/var/django_secret_key across upgrades
manics opened this issue
`OMERO.web/var/django_secret_key` contains a secret key used to encrypt Django sessions. The current upgrade process causes this to be regenerated, invalidating existing sessions. We should:
- See whether sessions can be maintained across OMERO.web restarts. If they're not then there's no point in exploring this issue further.
- If they are, then we should either copy `OMERO.web/var/django_secret_key` between upgrades, or if possible use an OMERO.web/Django configuration option to change the location of this file.
I've concluded this role is not the right place to do this:
- AFAICT it's an intentional OMERO.web design decision to make it easier to run by autogenerating a key, whereas the standard Django recommendation is to explicitly set one: https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SECRET_KEY
- This will not work with load-balancing or with shared-sessions
The way to fix this is to set `omero.web.secret_key`: https://docs.openmicroscopy.org/omero/5.4.3/sysadmins/config.html?highlight=omero%20web%20secret_key#omero-web-secret-key
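
One way to apply the fix from the last comment, as an added example that is not part of the original issue or the OMERO project's own code: generate the key once, keep it outside the OMERO.web directory, and set `omero.web.secret_key` from it after every upgrade and on every load-balanced node. The key file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: persist one secret key outside the OMERO.web tree and reuse it.
# KEY_FILE is a hypothetical location; pick one that survives upgrades and is
# distributed (securely) to every node that serves the same sessions.
KEY_FILE="${KEY_FILE:-/etc/omero-web-secret.key}"

# Print the stored key, creating it with mode 0600 on first use only.
ensure_secret_key() {
    keyfile="$1"
    if [ ! -s "$keyfile" ]; then
        old_umask=$(umask)
        umask 077
        # 32 random bytes rendered as 64 hex characters
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$keyfile.tmp" || return 1
        # Rename so a partially written key is never picked up
        mv "$keyfile.tmp" "$keyfile" || return 1
        umask "$old_umask"
    fi
    cat "$keyfile"
}

# Set the stored key in the OMERO.web configuration.
# Note: the key is passed as an argument, so it is visible in the process
# list to local users while the command runs.
apply_secret_key() {
    key=$(ensure_secret_key "$1") || return 1
    [ "${#key}" -eq 64 ] || { echo "unexpected key length in $1" >&2; return 1; }
    omero config set omero.web.secret_key "$key"
}

# Run after each upgrade, before starting OMERO.web:
#   apply_secret_key "$KEY_FILE"
```

Because the key is read back from the file instead of being regenerated, sessions signed before the upgrade remain valid afterwards, and nodes sharing the same file accept each other's sessions.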