From my experience it's entirely random. You can make 5 actions and all 5 will work. Then have a string of 5 actions where none would work.
Could still be a software issue. Someone said this already but it could be possible that Lemmy.world is using a load balancer and multiple servers. These two servers' authentication tokens may be out of sync. So if you hit server 1 and you are sign in to server 1, you're good. If you hit server 2, you're signed out all of a sudden. This can also explain why the issue started to happen abruptly today. It's possible the load on the server wasn't that bad yesterday so the load balancer didn't kick in. This is all speculation. Will have to wait for an official message to confirm anything.
Signing in. Most websites/apps will probably also grab your unread count, and maybe even your subscription feeds.
Another example is checking your inbox. Lemmy actually has 3 inboxes: mentions, replies and PMs. A lot of websites/apps bundle these three so they will need to check all 3 inboxes via 3 API calls.
Different token each time
It's based on my understanding of how servers work and my tests. There is obviously always room for error, but I'm like 99% confident I'm right.
Also AFAIK lemmy doesn't kick you out because you signed in elsewhere.
The good news is it only appears to affect lemmy.world. If you have an account on another instance, you should switch to that account for now.
No. This issue goes a lot deeper than your login information.
The issue is server sided so it will not matter what you use unfortunately. Technically a temp but terrible fix is to keep retrying on 400s (not signed in) until a 200 (success) is returned. This is terrible because you pretty much never want to retry for 400 errors because 400 errors are client side errors (except in this case).
Login in likely always succeeding. The issue is that whatever app/website you use will make additional API calls afterwards (eg. fetch posts or fetch unread count). Each of those calls have a 1-in-2 chance to succeed and if any of them fail, they all fail and you will be booted out.
Lemmy is now an RNG game. We must prayge to rngesus before making any actions.
From my tests, it's almost perfectly a 50/50 whether any API requests you make will yield a 200 (success) or a 400 (not signed in). If you perform an action that takes 3 API requests, your chances of succeeding is (1/2)^3 or 1/8 because only 1 request needs to fail in the chain for the entire action to fail. So, as long as you make single API actions you can maximize your success rate :D
I am currently getting signed out every minute from lemmy.world. This is not a client side cache issue. I tested making API calls from the command line (with curl
) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me im not signed in.
I'm primarily testing with the https://lemmy.world/api/v3/user/unread_count api endpoint. I'm not sure if this issue occurs with all endpoints.
Reproduction steps:
- Get a lemmy.world JWT token for your account using your desired method (eg. postman).
curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
- Note the 400 error. If you do not get an error repeat step 2.
Edit
This issue only seems to affect lemmy.world so a temporary workaround is to use a different instance for the time being.
Oh wow. This looks perfect for this question. Thanks!
Hello! I'm the developer of Summit, one of the Lemmy apps.
I want to be able to mark a post as read using an API call.
I understand that fetching the post itself using the account JWT will mark the post as read for that account, however this also fetches a lot of data.
Trying to be as server friendly as possible, what is the least resource intensive way to mark a post as read and nothing else?
Also if there is a better place to ask this, please let me know.