I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I’m primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I’m not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

  • Laticauda@lemmy.world
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    Same problem for me it seems, dunno if I’ll even be able to comment. Refuses to stay logged in.

    • idunnololz_test@lemmy.mlOP
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      From my tests, it’s almost perfectly a 50/50 whether any API requests you make will yield a 200 (success) or a 400 (not signed in). If you perform an action that takes 3 API requests, your chances of succeeding is (1/2)^3 or 1/8 because only 1 request needs to fail in the chain for the entire action to fail. So, as long as you make single API actions you can maximize your success rate :D

      • Laticauda@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Seems like spamming actions also gets it to work eventually. It’s a pain in the arse though lol. I made some alt accounts on other instances, but I’m lazy and don’t wanna rebuild my subscription feed if I don’t have to, so hopefully it gets fixed at some point.

        • idunnololz_test@lemmy.mlOP
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Signing in. Most websites/apps will probably also grab your unread count, and maybe even your subscription feeds.

          Another example is checking your inbox. Lemmy actually has 3 inboxes: mentions, replies and PMs. A lot of websites/apps bundle these three so they will need to check all 3 inboxes via 3 API calls.