this post was submitted on 11 Jul 2023
194 points (98.5% liked)

Lemmy.world Support

3228 readers
12 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world



founded 1 year ago
MODERATORS
 

I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.

I'm primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I'm not sure if this issue occurs with all endpoints.

Reproduction steps:

  1. Get a lemmy.world JWT token for your account using your desired method (eg. postman).
  2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
  3. Note the 400 error. If you do not get an error repeat step 2.

Edit

This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.

you are viewing a single comment's thread
view the rest of the comments
[–] Spaltovic@lemmy.world 32 points 1 year ago (4 children)

Sounds like lemmy.world runs on 2 instances and the requests are being loadbalanced between those two. That and that the jwt secret is different between those two instances causing one to accept and the other to reject

[–] Zephyrix@lemmy.world 17 points 1 year ago (1 children)

This is also my theory. I think you’re right on the money here. They probably rotated secrets from yesterday’s hack and forgot to restart both servers.

[–] Mereo@lemmy.ca 4 points 1 year ago (1 children)

Does anyone know who can contact the server admins?

[–] Fuck_u_spez_@lemmy.world 7 points 1 year ago (1 children)
load more comments (2 replies)