API Tokens invalidated on upgrade to 2.9.11

[dan-odsc]

(edited by @robredpath )

In our conversation last week we seemed to conclude that API Tokens created prior to upgrading staging to 2.9.11 were in some way invalidated or made unusable after the upgrade.

Obviously, we want to understand this before we go ahead with the upgrade on live.

We can use this issue to record any findings, and solutions.

[robredpath]

In discussion with @cormachallinanderilinx yesterday we think that this is due to a secret key getting regenerated during the deployment process. @cormachallinanderilinx is going to test a potential solution when setting up our new test server.

[robredpath]

@cormachallinanderilinx is testing a theory about this on a new server this week

[cormachallinanderilinx]

@robredpath I have tested this on the new server: https://iati-staging.staging.derilinx.com/ I ran some upgrades with using the session_secret and it allows me to use the same key on both servers, therefore after upgrading I would be confident the API keys will work after an upgrade

I know yipl had some issues with the API keys initially, would you like if they tested their API keys also on this server?

[robredpath]

@dan-odsc please can you coordinate YI testing their existing API keys on staging to check that @cormachallinanderilinx 's proposed solution works?