I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I’m primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I’m not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

    • idunnololz_test@lemmy.mlOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      It’s based on my understanding of how servers work and my tests. There is obviously always room for error, but I’m like 99% confident I’m right.

      Also AFAIK lemmy doesn’t kick you out because you signed in elsewhere.

      • nekat_emanresu@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I’m just troubleshooting by eliminating a massive category of possible causes.

        I’m asking you to physically try, not your opinion. Please, we have all been there “I don’t need to reset my router, I know what I’m doing”

      • nekat_emanresu@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Ok mate, you don’t need to be abusive about this, i was acting in good faith to try and help. I just logged into my lemmy.world account and see what you mean, instantly not logged in.

          • fkn@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Fwiw, the fix literally yesterday was to change your password in certain app/mobile configurations to force invalidate your old token that was signed by the old key.

            • nekat_emanresu@lemmy.ml
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              At the time i was commenting, I didn’t see much information about what was going on, so i just went for the default of asking questions and ruling things out. Didn’t realise it was a significant % of people and that they didn’t even get a chance to stay logged in for a second. When i talked with them they made zero attempts to even honor a word i said when they could have just corrected and filled me in about my clear lack of info. This is why people dont help others any more. I’ve learned my lesson. I’m done.