I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I’m primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I’m not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

      • idunnololz_test@lemmy.mlOP
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        It’s based on my understanding of how servers work and my tests. There is obviously always room for error, but I’m like 99% confident I’m right.

        Also AFAIK lemmy doesn’t kick you out because you signed in elsewhere.

        • nekat_emanresu@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I’m just troubleshooting by eliminating a massive category of possible causes.

          I’m asking you to physically try, not your opinion. Please, we have all been there “I don’t need to reset my router, I know what I’m doing”

        • nekat_emanresu@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Ok mate, you don’t need to be abusive about this, i was acting in good faith to try and help. I just logged into my lemmy.world account and see what you mean, instantly not logged in.

            • fkn@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Fwiw, the fix literally yesterday was to change your password in certain app/mobile configurations to force invalidate your old token that was signed by the old key.

              • nekat_emanresu@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                At the time i was commenting, I didn’t see much information about what was going on, so i just went for the default of asking questions and ruling things out. Didn’t realise it was a significant % of people and that they didn’t even get a chance to stay logged in for a second. When i talked with them they made zero attempts to even honor a word i said when they could have just corrected and filled me in about my clear lack of info. This is why people dont help others any more. I’ve learned my lesson. I’m done.