Page MenuHomePhabricator

Can't log in or out or save edits - Invalid CSRF token
Closed, ResolvedPublicBUG REPORT


Steps to replicate the issue (include links if applicable):

  • Open a fresh browser window
  • Attempt to log in to Wikipedia

Also, attempt to log out of a logged-in account.

What happens?:

Screenshot 2022-12-13 at 12.18.29.png (596×642 px, 69 KB)


Screenshot 2022-12-13 at 12.19.06.png (126×576 px, 12 KB)

What should have happened instead?:
I should be able to log in or out.

Event Timeline

Samwalton9-WMF triaged this task as Unbreak Now! priority.Dec 13 2022, 12:19 PM

Seems like an UBN-level issue.

Also, users seem not able to save any edits:

"We could not save your edit because the session was no longer valid. You are no longer logged in. Please log back in from a different tab and try again."

There's an incident going on - SRE is on it

This seems to be a general problem: The number of "Successful edits" have dropped.

Samwalton9-WMF renamed this task from Can't log in or out - Invalid CSRF token to Can't log in or out or save edits - Invalid CSRF token.Dec 13 2022, 12:25 PM

Thanks for the report, we are investigating an issue with our sessionstore service. We've seen sign of recovery in recent minutes, are you still having difficulties?

I just logged out and back in successfully.

I see a recovery now for mediawiki, wikidata and da.wikipedia.

The incident should be resolved by now

Samwalton9-WMF claimed this task.

Seeing logged-in edits again and confirmation from a substantial number of users that issues are resolved.

Change 867572 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] sessionstore: Don't pin sessionstore to specific rows

Change 867572 merged by jenkins-bot:

[operations/deployment-charts@master] sessionstore: Don't pin sessionstore to specific rows