Page MenuHomePhabricator
Create Task
Maniphest T380969

MediaWiki\Extension\CentralAuth\Special\SpecialCentralAutoLogin::execute: Bad token: bad token
Open, Needs TriagePublicPRODUCTION ERROR
Actions

Description

Error
normalized_message
MediaWiki\Extension\CentralAuth\Special\SpecialCentralAutoLogin::execute: Bad token: bad token
exception.trace
Impact

756 errors in the last 7 days

Notes

These are warnings but it's worth looking at.

Details

Request URL
https://en.wikivoyage.org/wiki/Special:CentralAutoLogin/setCookies?from=*&type=*

Related Objects

Event Timeline

DAlangi_WMF created this task.Nov 27 2024, 11:42 AM
Restricted Application added projects: Wikimedia-production-error, MediaWiki-Platform-Team. · View Herald TranscriptNov 27 2024, 11:42 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr subscribed.Nov 27 2024, 6:21 PM

The frequency of these has been pretty stable over time:

Screenshot Capture - 2024-11-27 - 19-16-10.png (504×1 px, 52 KB)
(chart)

The CentralAuth token is stashed into the token store on the login wiki in the /validateSession step, and retrieved and verified on the local wiki in the next step of the redirect chain, /setCookies. So the natural explanation would be the actual token changing in the meantime (the user logging out or getting locked out) but that happening a hundred times per day does sound implausible...

Tgr added a comment.Dec 2 2024, 10:14 AM

Maybe an infrastructure issue similar to T380500: CentralAuthUser returning outdated data after user creation (just with the tokenstore instead of the DB or WAN cache)? In theory we send all autologin requests to the primary DC so cross-DC replication shouldn't be an issue.

brennen moved this task from Untriaged to Nov 2024 on the Wikimedia-production-error board.Dec 19 2024, 4:36 PM
JTweed-WMF moved this task from Inbox, needs triage to Blocked/waiting on the MediaWiki-Platform-Team board.Jan 6 2025, 4:15 PM
Tgr added a comment.Jan 6 2025, 9:20 PM

T383049: No central session found is similar, but with the session store instead of the token store. (Although the session store is Kask and the token store is the microstash so there is not much infrastructure overlap there.)

DAlangi_WMF mentioned this in T385312: MediaWiki\Extension\CentralAuth\Special\SpecialCentralAutoLogin::execute: Bad token: locked.Mon, Feb 3, 3:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits