FEATURE: automatically validate token is stored in redis

This ensures we have some handling for redis flushall

We attempt to recover our in-memory session token once every 30 seconds

Code is careful to only set the token if it is nil, to allow for manual
cycling to remain safe if needed
Sam
2017-03-13 10:19:02 -04:00
parent 82ca0e368e
commit ef24fd54ba
2 changed files with 35 additions and 0 deletions


@@ -11,6 +11,8 @@ class GlobalSetting
# for legacy reasons
REDIS_SECRET_KEY = 'SECRET_TOKEN'
REDIS_VALIDATE_SECONDS = 30
# In Rails secret_key_base is used to encrypt the cookie store
# the cookie store contains session data
# Discourse also uses this secret key to digest user auth tokens
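Review bot: the new `REDIS_VALIDATE_SECONDS = 30` lands between `REDIS_SECRET_KEY` and the `secret_key_base` comment block with no comment of its own, while the neighbouring constant is annotated (`# for legacy reasons`); a one-line comment stating that it is the interval at which `safe_secret_key_base` re-checks that the token is still present in redis would keep the next reader from having to trace the method to learn what the number governs.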
@@ -19,9 +21,21 @@ class GlobalSetting
# - generate a token on the fly if needed and cache in redis
# - enforce rules about token format falling back to redis if needed
def self.safe_secret_key_base
if @safe_secret_key_base && @token_in_redis && (@token_last_validated + REDIS_VALIDATE_SECONDS) < Time.now
token = $redis.without_namespace.get(REDIS_SECRET_KEY)
if token.nil?
$redis.without_namespace.set(REDIS_SECRET_KEY, @safe_secret_key_base)
end
end
@safe_secret_key_base ||= begin
token = secret_key_base
if token.blank? || token !~ VALID_SECRET_KEY
@token_in_redis = true
@token_last_validated = Time.now
token = $redis.without_namespace.get(REDIS_SECRET_KEY)
unless token && token =~ VALID_SECRET_KEY
token = SecureRandom.hex(64)
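Review bot: `@token_last_validated` is never refreshed inside the revalidation branch; it is only assigned in the `||=` initialization block (`@token_last_validated = Time.now`), so once `REDIS_VALIDATE_SECONDS` have elapsed the `(@token_last_validated + REDIS_VALIDATE_SECONDS) < Time.now` condition stays true and every subsequent call to `safe_secret_key_base` makes a redis round trip instead of one every 30 seconds. Add `@token_last_validated = Time.now` as the first statement inside that `if`. The get-then-set pair in the same branch is also not atomic: a manual cycle that writes a new token between the `get` returning nil and the `set` is overwritten with the old in-memory value, which weakens the "only set the token if it is nil" property the commit message relies on; `$redis.without_namespace.set(REDIS_SECRET_KEY, @safe_secret_key_base, nx: true)` performs the check and the write in a single command.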