On Wed, Jan 27, 2016 at 8:46 PM, Magog The Ogre magog.the.ogre@gmail.com wrote:
Good evening. For the past week, my bot has intermittently been seeing this error when it tries to edit or upload:
API Error: Array ( [code] => badtoken [info] => Invalid token [*] => See http://commons.wikimedia.org/w/api.php for API usage )
It is unpredictable; it will occasionally fail for one thread, and then work for a thread an hour later. Deleting the cookies has on occasion fixed the issue for a few days.
Is there anything that can be done to fix this? Magog
Yes, session handling changed significantly; there was an announcement two weeks ago with details [1]. The changes caused a handful of bots to misbehave; so far we have identified two causes: - some bots had a simplistic way of handling cookies that did ignored expiration dates. The details of exactly when cookies are expired during a login sequence have changed, and this confused those bots. - some bots sent HTTP requests. Wikimedia officially dropped HTTP support almost a year ago, but in practice HTTP POST requests are still accepted. Last week started setting the 'secure' flag on all cookies which also broke bots.
These changes have been reverted for now, but if your bot was affected, please fix it. Bots should send all requests through HTTPS and they should use RfC 6265 compliant cookie handling (when in doubt, use cURL cookie jars or the standard HTTP library of your language (e.g. requests in Python); those tend to get it right.
You can find more details in the Phabricator task tracking the issue, T124252 [2]. If you are still seeing problems, please report them with more details there (ideally the full API request & response, with passwords and session and token cookies removed).
[1] https://lists.wikimedia.org/pipermail/wikitech-l/2016-January/084501.html [2] https://phabricator.wikimedia.org/T124252