CentralAuthSessionProvider::provideSessionInfo: token mismatch for {username}
Open, Needs Triage | Public | BUG REPORT

Description

The warning CentralAuthSessionProvider::provideSessionInfo: token mismatch for {username} is logged tens of thousands of times a day, with some huge spikes (e.g. 1.5M times on 2025-03-01). In small amounts it wouldn't be strange (it means the user's CentralAuth user token, gu_auth_token, changed, probably because the user logged out on a different device or domain and the token cookie on the current device or domain isn't valid anymore), but this seems quite high and spiky. A bug? A brute-forcing attempt? Maybe I'm just underestimating how often CentralAuth user tokens change?

[Two screenshots; source: logstash]
(The logs start in January, because that's when rECAU90e91436f710: CentralAuthSessionProvider: Improve logging changed the log level, but presumably the event has been happening for much longer.)

Details

Request URL
https://meta.wikimedia.org/w/api.php?action=streamconfigs&constraints=*&format=*
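
One way to triage the question raised in the description (bug, guessing attempt, or ordinary token churn) is to measure how concentrated each day's mismatches are. This is an added example, not part of the report or of CentralAuth; the JSON field names `timestamp`, `username` and `ip` and all sample records are constructed assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample events (day, username, ip); not real log data.
_ROWS = (
    [("2025-03-01", "Alice", "198.51.100.7")] * 5
    + [("2025-03-01", "Bob", "198.51.100.8")]
    + [("2025-03-02", f"User{i}", "203.0.113.9") for i in range(3)]
    + [("2025-03-02", "Carol", "198.51.100.9")]
    + [("2025-03-03", f"Editor{i}", f"192.0.2.{i}") for i in range(4)]
)
# Field names are assumptions about the structured log record.
SAMPLE = [json.dumps({"timestamp": d + "T12:00:00Z", "username": u, "ip": ip})
          for d, u, ip in _ROWS]

def summarize(lines):
    """Per-day totals and how concentrated the mismatches are."""
    users, ips = defaultdict(Counter), defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        day = rec["timestamp"][:10]
        users[day][rec["username"]] += 1
        ips[day][rec["ip"]] += 1
    report = {}
    for day in sorted(users):
        total = sum(users[day].values())
        report[day] = {
            "total": total,
            "distinct_users": len(users[day]),
            "top_user_share": users[day].most_common(1)[0][1] / total,
            "top_ip_share": ips[day].most_common(1)[0][1] / total,
        }
    return report

def classify(stats, share=0.5):
    """Label a day by where its volume comes from."""
    if stats["top_user_share"] >= share:
        return "single-user"    # one account's stale token retried repeatedly
    if stats["top_ip_share"] >= share:
        return "single-source"  # one address failing for many accounts
    return "diffuse"            # many accounts and sources

if __name__ == "__main__":
    for day, stats in summarize(SAMPLE).items():
        print(day, classify(stats), stats)
```

A "single-user" day points at a client retrying a stale cookie, "single-source" is the pattern worth checking against rate limits, and "diffuse" is what ordinary logouts across devices would look like.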