Page MenuHomePhabricator

Persistent Invalid CSRF token errors
Open, Needs TriagePublicBUG REPORT


Doc Taxon runs two bots, TaxonBot and TaxonKatBot, on dewiki. For 2.5 days now the bots have been getting lots of token errors, without changes to the tasks.

(We assume that tokens might have been per-session and are now per-account, leading to scripts competing for valid tokens? There are problems especially with edits of long pages and page moves, which I assume to take a longer time?)

Could you please investigate this issue and maybe fix it?

Event Timeline

(Removing API-Portal as this sounds unrelated to

What login method is used? Where to find the source code of these bots?

The bots authenticate via OAuth owner-only consumers. The source code is in ~taxonbot on the instance taxonbot.dwl on WMCS. It can also be found here:

It seems that the bot loses CSRF token during editing big content pages since three days. Has there been any changes with getting or handling or validity or expiry time of tokens 3 days ago?

I have now realized that I have the same problem with the bot GiftBot on dewiki. Several scripts are stuck in endless loops because they cannot get valid tokens.

@Bawolff We have problems to tag this bug properly. Can you help us please?

RhinosF1 raised the priority of this task from High to Needs Triage.Aug 19 2022, 6:44 AM
RhinosF1 added a subscriber: RhinosF1.

Please only set the task priority if you are working on it (or it's meets the UBN policies). Priority should reflect reality not wishes.