Last modified: 2014-04-11 14:36:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T65663, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 63663 - API loses sessions too quickly. Throws badtoken error within 24 hours of a bot logged in.


Summary:	API loses sessions too quickly. Throws badtoken error within 24 hours of a b...

Status:	RESOLVED WORKSFORME

Product:	MediaWiki
Classification:	Unclassified
Component:	API (Other open bugs)
Version:	1.23.0
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-04-08 04:15 UTC by Cyberpower678
Modified:	2014-04-11 14:36 UTC (History)
CC List:	6 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Cyberpower678 2014-04-08 04:15:55 UTC

Lately, I have been finding the need to have to restart my bots as the API seems to want to change up tokens.  This causes some of my bots to receive a badtoken error.  I'm aware of a loss of session data happening every now and then, but this issue seems to be happening frequently.  I started up one of my bot scripts a little over 24 hours ago and reviewing the logs, no more than 24 hours passed before the tokens the bot received from the API became invalid.  This is becoming a minor nuisance.

Comment 1 Brad Jorsch 2014-04-08 13:15:44 UTC

Note this bug doesn't really have anything to do with the API, since for token handling it just uses the functions provided in the rest of core.

The ideal solution would be for your bot to detect this error and refresh its tokens, because no matter what this sort of thing will happen at some point.

Comment 2 Cyberpower678 2014-04-08 13:25:04 UTC

(In reply to Brad Jorsch from comment #1)
> Note this bug doesn't really have anything to do with the API, since for
> token handling it just uses the functions provided in the rest of core.
> 
> The ideal solution would be for your bot to detect this error and refresh
> its tokens, because no matter what this sort of thing will happen at some
> point.

I've already worked on a patch to refresh the tokens.  But the issue at hand is the token seem to expire way too quickly.

Comment 3 Cyberpower678 2014-04-10 17:30:01 UTC

(In reply to Brad Jorsch from comment #1)
> Note this bug doesn't really have anything to do with the API, since for
> token handling it just uses the functions provided in the rest of core.
> 
> The ideal solution would be for your bot to detect this error and refresh
> its tokens, because no matter what this sort of thing will happen at some
> point.

Another one of my bot tasks got logged out.  That never happens.  The Requests for Unblock table stopped being updated as a result.

Comment 4 Bawolff (Brian Wolff) 2014-04-10 17:59:58 UTC

Well yesterday/day before, all users were logged out due to heartbleed situation [1].

[1] http://lists.wikimedia.org/pipermail/wikitech-ambassadors/2014-April/000666.html

Comment 5 Cyberpower678 2014-04-10 20:38:31 UTC

(In reply to Bawolff (Brian Wolff) from comment #4)
> Well yesterday/day before, all users were logged out due to heartbleed
> situation [1].
> 
> [1]
> http://lists.wikimedia.org/pipermail/wikitech-ambassadors/2014-April/000666.
> html

Well.  It only happened to one task on my bot.  The others are still functioning.

Comment 6 Brad Jorsch 2014-04-11 14:36:21 UTC

I'm just going to close this. There's nothing demonstrably wrong with the API here.

Code that reuses tokens long-term should be ready to refresh those tokens when they expire, whether that is 24 hours, 24 days, or 24 minutes. Similarly, code that runs long-term should detect logged-out status (e.g. using assert=user) and should be prepared to log back in again.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links