3

In the docs for Symfony 4.4, for the 'secret' configuration option https://symfony.com/doc/4.4/reference/configuration/framework.html#secret, it mentions:

> As with any other security-related parameter, it is a good practice to change this value from time to time. However, keep in mind that changing this value will invalidate all signed URIs and Remember Me cookies. That’s why, after changing this value, you should regenerate the application cache and log out all the application users.

Is this also the preferred practice for orocommerce production instances? Can I be sure that my application will still run the same after clearing and warming up the production cache?

I found no information about the involved processes in the orocommerce docs. I am using OroCommerce version 4.1 with Symfony 4.4.

stenno
  • 31
  • 2
  • This is by no means an authoritative answer, but from checking [the github repo](https://github.com/oroinc/orocommerce/search?q=secret) it does not look like oro commerce does anything with the secret. I would therefore assume that the steps from Symfony apply for OroCommerce as well. Clearing the cache should have no negative effects on your application. If it does, you likely have made incompatible changes that were previously ignored due to the caches. In other words, it will only break if something in the code changed and is now broken. – dbrumann Mar 10 '21 at 12:19
  • 1
    @dbrumann, it's not an OroCommerce application repository. Your link searches in one of the application packages, but not in the whole application. – Andrey Yatsenko Mar 10 '21 at 12:26

1 Answer

2

You can set the application secret using the environment variable ORO_SECRET, and changing the variable later at runtime will not affect the application cache at all. Alternatively, if you don't want to use environment variables, you can hardcode the secret value in the parameters.yml file.

The "secret" is not documented in OroCommerce, because it's already mentioned in the Symfony framework documentation.

As for the second question, clearing the cache on the production instance is not safe. You should put the application into maintenance mode before doing that. The full procedure is described in the OroCommerce upgrade guide.

Andrey Yatsenko
  • 1,936
  • 1
  • 11
  • 13
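
Why rotating the secret invalidates signed URIs, as the Symfony documentation quoted in the question says, shown as an added PHP example that is not part of the original posts and is not Symfony's or OroCommerce's own code. It uses a simplified HMAC signing scheme; the function names, the `_hash` parameter, the URL and both secrets are assumptions constructed for the illustration.

```php
<?php
// Added illustration: simplified HMAC-based URI signing keyed by an
// application secret. Not Symfony's or OroCommerce's implementation.
// The URL and both secrets are constructed sample values.

function signUri(string $uri, string $secret): string
{
    // The signature covers the full URI, so any change to it breaks the link.
    $hash = base64_encode(hash_hmac('sha256', $uri, $secret, true));
    $sep = (strpos($uri, '?') === false) ? '?' : '&';

    return $uri . $sep . '_hash=' . rawurlencode($hash);
}

function checkUri(string $signed, string $secret): bool
{
    // Split off the trailing _hash parameter appended by signUri().
    if (!preg_match('/^(.*)[?&]_hash=([^&]+)$/', $signed, $m)) {
        return false;
    }
    $expected = base64_encode(hash_hmac('sha256', $m[1], $secret, true));

    // hash_equals() compares in constant time to avoid a timing side channel.
    return hash_equals($expected, rawurldecode($m[2]));
}

$oldSecret = 'constructed-old-secret'; // value in use when the link was issued
$newSecret = 'constructed-new-secret'; // value after rotation

$link = signUri('https://shop.example/reset?user=42', $oldSecret);

// Link checked under the secret it was issued with.
var_dump(checkUri($link, $oldSecret));

// Same link checked after rotation: the recomputed HMAC no longer matches,
// so every link issued before the change stops verifying.
var_dump(checkUri($link, $newSecret));

// Tampered link checked under the original secret.
var_dump(checkUri(str_replace('user=42', 'user=43', $link), $oldSecret));
```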