Reports of user logged out twice today - related to recent auth tokens changes?

I found myself logged out of my forum when I opened the Discourse native iOS app this morning :frowning:

Haven’t seen similar happen on meta in the native app. Will keep an eye on things and let you know if it happens again.

A couple of more fixes over the weekend and today to allow for iOS crazy

It seems that in certain cases

  • We give webkit on iOS a new cookie
  • It echos this cookie back to us
  • (time passes)
  • It sends us the old cookie instead of the new one (as if it did not flush the new cookie to disk)

I added a fix to allow for this situation better and a subsequent bugfix to the fix.


Much appreciate your attention to detail. Cheers @Sam :thumbsup:

Stuff has been looking much better on our side, will close this in 3 more days unless someone keeps seeing issues.


Likewise, no issues reported in my forum since we last spoke. Thanks @Sam

4 posts were split to a new topic: 500 error when logging in – plugin related?

This topic was automatically closed after 3 days. New replies are no longer allowed.

Reopened cause this issue is still happening, current issue is that once cookie gets corrupt, cause browser did not write it to disk users get a 500 error.

I am fixing that so at least they are simply logged off.


Ah yes, I guess therefore a simple logout and login fixed the error 500 issue for me?

Yes, that would be it, I am fixing the edge case here, what browser were you using when you experienced the issue here.

I honestly never knew it would be this hard to convince web browsers to write a cookie to disk.

It happened to me on our hosted Discourse instance (by you) several times today. I’m using Chrome 56.0.2924.87 (64-bit) on Windows 10.

1 Like

I enabled verbose auth token logging on your instance, let me know when it happens next

I hate to leave this topic open forever, but yet again we saw the exact issue across various browsers.

I just made some changes to adjust the process of dealing with invalid tokens a bit. In particular I eliminated the chance of getting the 500 errors people were seeing, added more logging and handled a corner case where we are presented with old tokens a bit better.

Let’s see how it goes.


I just had it on our site again. Same browser, I hope the error helps you in fixing the issue.

Thanks! just redeployed my fixes from earlier on to your site, can you ping me again next time it happens.

You should not see a 500 error anymore, but a random logout is possible.

Can you tell me a bit more about how you are using your browser, do you have lots of tabs open to your site?


I will let you know when it happens again.Re: tabs -> I think usually 1-4 tabs open on our site.

Have you noticed any random logout since yesterday?

No, not anymore. Maybe other users but haven’t received any reports.

Anyone still getting issues? I have not noticed anything since my last round of changes.