| DAlangi_WMF | |
| Nov 27 2024, 11:42 AM |
| F57753818: Screenshot Capture - 2024-11-27 - 19-16-10.png | |
| Nov 27 2024, 6:21 PM |
MediaWiki\Extension\CentralAuth\Special\SpecialCentralAutoLogin::execute: Bad token: bad token
exception.trace
756 errors in the last 7 days
These are warnings but it's worth looking at.
The frequency of these has been pretty stable over time:
The CentralAuth token is stashed into the token store on the login wiki in the /validateSession step, and retrieved and verified on the local wiki in the next step of the redirect chain, /setCookies. So the natural explanation would be the actual token changing in the meantime (the user logging out or getting locked out) but that happening a hundred times per day does sound implausible...
Maybe an infrastructure issue similar to T380500: CentralAuthUser returning outdated data after user creation (just with the tokenstore instead of the DB or WAN cache)? In theory we send all autologin requests to the primary DC so cross-DC replication shouldn't be an issue.
T383049: No central session found is similar, but with the session store instead of the token store. (Although the session store is Kask and the token store is the microstash so there is not much infrastructure overlap there.)
T383049: No central session found where just warnings that got removed in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1148486/. On that basis, can ignore these for now too because they're just warnings but if we want to reduce log noise, we can consider making them debug logs.