I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.
I’m primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I’m not sure if this issue occurs with all endpoints.
Reproduction steps:
- Get a lemmy.world JWT token for your account using your desired method (eg. postman).
curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}- Note the 400 error. If you do not get an error repeat step 2.
Edit
This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.
Sounds like lemmy.world runs on 2 instances and the requests are being loadbalanced between those two. That and that the jwt secret is different between those two instances causing one to accept and the other to reject
This is also my theory. I think you’re right on the money here. They probably rotated secrets from yesterday’s hack and forgot to restart both servers.
Does anyone know who can contact the server admins?
Yell real loud in all caps
REAL LOUD