Page MenuHomePhabricator

Ability to recover from an Expired session (badtoken)
Closed, ResolvedPublic

Description

Reports of user getting the badtoken API error. This was traced back by the user to the user's session having expired during the steps of the upload.

The wizard (and much of our JS/API/UI btw) does not really handle expired sessions nicely, probably an area where we need to improve. I believe we have an 'assert' for this on the API nowadays ? Perhaps it needs to be used by the UW api calls.

https://commons.wikimedia.org/wiki/Commons:Upload_Wizard_feedback#Internal_error:_bad_token


Version: master
Severity: normal

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:39 AM
bzimport added a project: UploadWizard.
bzimport set Reference to bz69691.
bzimport added a subscriber: Unknown Object (MLST).

I don't see how an assert would help (unless you are on a wiki which allows anonymous uploads).

I think what the user here is after is consistency. So if he enters as a logged in user, he expects to upload and finish all the steps as a user as well. So when we start, check if user is logged in, if he is, add "assert=user", if assert fails, see if we can help the user log in again.

Anonymous uploads are disallowed though (actually UW does not work without logging in even if you allow them - that's a separate bug), so AFAIK the only difference an assert makes is that the API error will be assertuserfail instead of badtoken.

A more helpful error message linking (with target=_blank) to the login page would certainly be helpful.

Maybe something like bug 69314 can be done in UploadWizard as well?

See also bug 69596.

Gilles triaged this task as Medium priority.Nov 24 2014, 2:04 PM
Gilles subscribed.
matmarex renamed this task from Ability to recover from an Expired session to Ability to recover from an Expired session (badtoken).Apr 30 2015, 11:42 PM
matmarex set Security to None.
matmarex edited subscribers, added: matmarex; removed: MingleTerminator, Unknown Object (MLST).

Wow, this really should have had higher priority.

Change 208043 had a related patch set uploaded (by Bartosz Dziewoński):
mediawiki.api: Add #badToken for invalidating bad cached tokens

https://gerrit.wikimedia.org/r/208043

Change 208044 had a related patch set uploaded (by Bartosz Dziewoński):
Recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/208044

Jdforrester-WMF raised the priority of this task from Medium to High.May 5 2015, 3:57 PM

Change 208043 merged by jenkins-bot:
mediawiki.api: Add #badToken for invalidating bad cached tokens

https://gerrit.wikimedia.org/r/208043

Change 208044 merged by jenkins-bot:
Recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/208044

I assume we need one more patch once the blocker is fixed?

I think this is actually all, the core patch and the UploadWizard patch.

Change 238325 had a related patch set uploaded (by Bartosz Dziewoński):
Really recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/238325

Change 238334 had a related patch set uploaded (by MarkTraceur):
Really recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/238334

Change 238325 merged by jenkins-bot:
Really recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/238325

Change 238334 merged by jenkins-bot:
Really recover from 'badtoken' error when uploading

https://gerrit.wikimedia.org/r/238334