Reputation: 61814
Symfony can changing the 'secret' parameter break anything?
In the parameters.yml file there is a parameter named secret which defaults to ThisTokenIsNotSoSecretChangeIt but it should be changed to something else.
What happens if the value of this parameter is changed in production? Can it break anything?
Upvotes: 17
Views: 4572
Answers (1)
Reputation: 61814
It does not break anything. Changing the value secret parameter from time to time is even considered a good practice, suggested by the official documentation:
http://symfony.com/doc/current/reference/configuration/framework.html#secret
The only thing to be aware of is:
However, keep in mind that changing this value will invalidate all signed URIs and Remember Me cookies. That's why, after changing this value, you should regenerate the application cache and log out all the application users.
Upvotes: 17
Related Questions
- Symfony - Terminal Command to generate a new APP_SECRET
- Is there any way to access a Symfony secret value in userland code?
- What is the SECRET parameter in Symfony2 used for?
- How do security settings in config.yml and security.yml relate?
- Symfony2 Security: Using encryption settings in code
- Symfony2 - where are all the places where the 'secret' key (parameters.yml) is used?
- How does Symfony Security work?
- Security in Symfony2
- Secret usage on Symfony2's parameters.ini
- Symfony2 setting up (my own) secure Variables