Hi! Normally when you rotate the secret key, users are logged out, which is a big inconvenience if you have millions of users and might cost your business valuable users, and this pushes companies not to rotate keys, which is not the best practice.
That's why I wanted to make this process transparent to the user. I created a library, "django-rotate-secret-key", which helps you rotate your secret key and still accept sessions with the old key for a limited amount of time, and I explained how to use it in this Medium post.
Obviously this is not something you want if your key is compromised, but if you want to rotate just as a best security practice, this library is for you!
What I love about this library is that once you pass the window where you accept both keys, you can delete/revert everything, so there is no residue with this solution! Not a single line of code that you need to maintain in the future.
Feedback welcome, thank you very much!
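The mechanism the post describes (sign everything with the new key, keep accepting the old key only until a deadline, then drop it) as an added stand-alone example with plain HMAC signing; this is not the library's or Django's own code, and the keys, the deadline and the token format are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample keys; in a real deployment these come from settings, never from source.
CURRENT_KEY = b"new-secret-key-constructed"
OLD_KEY = b"old-secret-key-constructed"
# End of the transition window (Unix time). After this, tokens signed with
# OLD_KEY are rejected and OLD_KEY itself can be deleted from configuration.
FALLBACK_DEADLINE = 1_700_000_000 + 7 * 24 * 3600


def _mac(key: bytes, payload: bytes) -> bytes:
    """URL-safe base64 HMAC-SHA256 of payload under key (no padding)."""
    digest = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def sign(payload: bytes, key: bytes = CURRENT_KEY) -> bytes:
    """Return 'payload:signature'. New tokens are always issued under CURRENT_KEY;
    the key parameter only exists so the example can mint an old-key token."""
    return payload + b":" + _mac(key, payload)


def verify(token: bytes, now: Optional[float] = None) -> Optional[bytes]:
    """Return the payload if the token verifies under CURRENT_KEY, or under
    OLD_KEY while the fallback window is still open; otherwise None."""
    now = time.time() if now is None else now
    payload, sep, sig = token.rpartition(b":")
    if not sep:
        return None  # malformed token: no signature separator
    accepted_keys = [CURRENT_KEY]
    if now < FALLBACK_DEADLINE:
        accepted_keys.append(OLD_KEY)  # transition window: old sessions stay valid
    for key in accepted_keys:
        # Constant-time comparison; also returns False on length mismatch.
        if hmac.compare_digest(_mac(key, payload), sig):
            return payload
    return None
```

Once `FALLBACK_DEADLINE` has passed, removing `OLD_KEY` and the fallback branch leaves ordinary single-key verification, which is the "no residue" property the post describes.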