Versions Compared

Old Version 19

changes.mady.by.user Tim McCormack

Saved on

compared with

New Version 20

changes.mady.by.user Ned Batchelder

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Ephemeral tokens generated with the original secret key, say, for password resets or mailing list unsubscribe, will be invalid.

  2. Users will be logged out as their sessions IDs will be invalid

  3. Hashed tracking IDs in logs generated prior to the update will have a different obfuscated session id.  This is less important because of item 2.

  4. The obscured ids used in proctoring will also change.

  5. MFEs that don’t properly handle auth endpoints suddenly requiring re-auth will see a spike in JS errors until users have logged back into the LMS.

Warning
Nota Bene

Please Note

You should not undertake this lightly and we cannot make any specific guarantees about the process described here.  At a minimum, familiarize yourself with the uses of the Django SECRET_KEY described here: https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key.  Additionally, ensure you have current, valid backups of your data and test this in a pre-production environment thoroughly.

...