this post was submitted on 11 Jul 2023
194 points (98.5% liked)

Lemmy.world Support

3216 readers
17 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge

You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

founded 1 year ago
MODERATORS
ruud
MrKaplan
jelloeater85
lwadmin
Serinus
194
Server side bug with lemmy.world and intermitent authentication. (lemmy.ml)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/support
81 comments fedilink hide all child comments
 

I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I'm primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I'm not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

you are viewing a single comment's thread
view the rest of the comments
[–] Spaltovic 32 points 1 year ago (1 children)

Sounds like lemmy.world runs on 2 instances and the requests are being loadbalanced between those two. That and that the jwt secret is different between those two instances causing one to accept and the other to reject

[–] Zephyrix 17 points 1 year ago (1 children)

This is also my theory. I think you’re right on the money here. They probably rotated secrets from yesterday’s hack and forgot to restart both servers.

[–] [email protected] 4 points 1 year ago (1 children)

Does anyone know who can contact the server admins?

[–] Fuck_u_spez_ 7 points 1 year ago (1 children)

Yell real loud in all caps

[–] PriorProject 8 points 1 year ago

REAL LOUD