I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I’m primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I’m not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

  • Antik 👾@lemmy.world
    shield
    link
    fedilink
    arrow-up
    33
    ·
    edit-2
    1 year ago

    Just a quick statement from the admins team to say that we are aware of the issue and yes we are looking into this.

    Thank you @idunnololz@lemmy.world for the elaborate report and everyone else for their patience while we try to sort this one out!

    Edit: Lemmy was upgraded to 0.18.2

  • Spaltovic@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Sounds like lemmy.world runs on 2 instances and the requests are being loadbalanced between those two. That and that the jwt secret is different between those two instances causing one to accept and the other to reject

  • irkli@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Ahhh thanks for that! I took could not stay logged in, annoyingly id find out when I attempted a post/reply, “not logged in”. Using Connect or website.

    I installed jerboa, logged in ok and here I am. If it goes bad too then I dunno…

  • melonpunk@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Making a new post is a nightmare. I wish the submit button would time out in these instances so you can try again. Right now I’m having to copy and paste into a new tab and hope for the best (but fail, 5 times and counting).

  • Mereo@lemmy.ca
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Yeah. Lemmy.world is currently unusable on the desktop. I don’t have that problem in Memmy. Growing pains but I hope the problem will be fixed soon. Do anyone know if one of the mods in North America are aware of the problem?

    • Resolved3874@lemdro.id
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I was having trouble in liftoff and the browser. Cleared data and cache from liftoff thinking maybe something got messed up there and now I can’t even log back into my .world account 🤷‍♂️ I’ll hang here for a bit I guess.

      • PriorProject@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I’m choking in desktop browser and in liftoff. Jerboa seems ok. It’s weird to me how different clients react differently, I’m not sure how they interact differently.

  • nix98@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I was running into this across both my accounts on lemmy.world. Changing my password seems to have resolved it both on the web and in Mlem.

  • DelvianSeek@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    FWIW, I can confirm I’m having this issue as well. The load balancing hypothesis seems sound given the behavior I’m seeing. Definitely making lemmy.world pretty much unusable at this point.

    • idunnololz_test@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      From my tests, it’s almost perfectly a 50/50 whether any API requests you make will yield a 200 (success) or a 400 (not signed in). If you perform an action that takes 3 API requests, your chances of succeeding is (1/2)^3 or 1/8 because only 1 request needs to fail in the chain for the entire action to fail. So, as long as you make single API actions you can maximize your success rate :D

        • idunnololz_test@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Signing in. Most websites/apps will probably also grab your unread count, and maybe even your subscription feeds.

          Another example is checking your inbox. Lemmy actually has 3 inboxes: mentions, replies and PMs. A lot of websites/apps bundle these three so they will need to check all 3 inboxes via 3 API calls.

      • Laticauda@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Seems like spamming actions also gets it to work eventually. It’s a pain in the arse though lol. I made some alt accounts on other instances, but I’m lazy and don’t wanna rebuild my subscription feed if I don’t have to, so hopefully it gets fixed at some point.

  • fubo@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I’m getting this too, even after clearing cookies and logging in again. I’ve seen it on multiple devices (Android phone, Linux desktop with Chrome).