If I am setting up multiple django servers behind a load balancer, do I want the SECRET_KEY to be the same, different or does it matter at all? The docs are a little thin on exactly what this value is used for.
Summary: The Django secret key is used to provide cryptographic signing. This key is mostly used to sign session cookies. If one were to have this key, they would be able to modify the cookies sent by the application.
It's not used for passwords. Passwords use a randomly generated salt for each account and a PBKDF2 hash by default. But it's used for other things, like generating password reset links, etc.
Generating a Django SECRET_KEY: To generate a new key, we can use the get_random_secret_key() function present in django.core.management.utils.
What happens if I change the Django secret key? Once you change the SECRET_KEY in production, all the old sessions and cookies are invalidated, users are logged out and data in sessions is lost. This is good if your SECRET_KEY is compromised!
I guess it must be the same. Here is related question: Django SECRET_KEY.
Basically the secret key is used to validate various things sent to the client or put in the session. So if your nodes had different secret keys, the client's session would be cleared every time it is routed to a new node (which is bad).
SECRET_KEY is used in various places such as the session middleware. If all nodes must have access to the session information then they must share the same key.
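To make the point in the answers above concrete, here is an added example (it is not part of the original answers and not Django's own code). It models the value:HMAC layout that Django's signing module uses with a small stand-alone signer, generates secrets with a substitute for get_random_secret_key() (same alphabet and length, but my approximation, not Django's function), and then simulates two nodes behind a load balancer: node A issues a signed session cookie, node B tries to verify it. With a shared key the cookie is accepted; with a different key (which is also what rotating SECRET_KEY in production looks like) it is rejected, exactly the "session cleared on every hop" failure described above. A tampered cookie is rejected in both cases. The helper names (make_secret_key, sign, unsign, simulate_cluster) are my own.

```python
import base64
import hashlib
import hmac
import secrets


def make_secret_key(length: int = 50) -> str:
    """Random secret drawn from the same alphabet and length Django uses.

    Stand-in for django.core.management.utils.get_random_secret_key();
    this is an approximation written for the example, not Django's code.
    """
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _mac(value: str, secret_key: str, salt: str) -> str:
    # Derive a per-purpose key from salt + SECRET_KEY, then HMAC the value.
    # Models the shape of Django's signer; the exact derivation differs.
    key = hashlib.sha256((salt + secret_key).encode()).digest()
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(value: str, secret_key: str, salt: str = "session") -> str:
    """Return 'value:signature' for a value that contains no ':'."""
    if ":" in value:
        raise ValueError("value must not contain ':'")
    return f"{value}:{_mac(value, secret_key, salt)}"


def unsign(signed: str, secret_key: str, salt: str = "session") -> str:
    """Return the value if the signature verifies under secret_key, else raise."""
    value, sep, sig = signed.rpartition(":")
    if not sep:
        raise ValueError("no signature present")
    expected = _mac(value, secret_key, salt)
    # Constant-time comparison so an attacker cannot time their way to a valid MAC.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return value


def _accepts(cookie: str, secret_key: str, expected_value: str) -> bool:
    try:
        return unsign(cookie, secret_key) == expected_value
    except ValueError:
        return False


def simulate_cluster(same_key: bool) -> dict:
    """Node A signs a session cookie; node B verifies it with its own SECRET_KEY.

    same_key=False also models what happens to existing cookies after you
    change SECRET_KEY in production: every old cookie fails verification.
    """
    key_a = make_secret_key()
    key_b = key_a if same_key else make_secret_key()

    session_value = "user=42"
    cookie = sign(session_value, key_a)               # issued by node A

    # Client is routed to node B on the next request.
    node_b_accepts = _accepts(cookie, key_b, session_value)

    # A client who edits the cookie without knowing the key is rejected everywhere.
    tampered = cookie.replace("user=42", "user=1", 1)
    tamper_rejected = not _accepts(tampered, key_a, "user=1") and not _accepts(
        tampered, key_b, "user=1"
    )

    return {"node_b_accepts": node_b_accepts, "tamper_rejected": tamper_rejected}


if __name__ == "__main__":
    print("shared key:   ", simulate_cluster(same_key=True))
    print("different key:", simulate_cluster(same_key=False))
```

Run it and the shared-key case reports node_b_accepts=True while the different-key case reports False; tamper_rejected is True in both. Note that the key protects integrity, not confidentiality: the cookie value "user=42" is readable by anyone, the signature only stops it being changed.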