On Wed, Jan 27, 2016 at 8:46 PM, Magog The Ogre <magog.the.ogre(a)gmail.com>
wrote:
Good evening. For the past week, my bot has
intermittently been seeing this
error when it tries to edit or upload:
API Error: Array
(
[code] => badtoken
[info] => Invalid token
[*] => See
http://commons.wikimedia.org/w/api.php for API usage
)
It is unpredictable; it will occasionally fail for one thread, and then
work for a thread an hour later. Deleting the cookies has on occasion fixed
the issue for a few days.
Is there anything that can be done to fix this?
Magog
Yes, session handling changed significantly; there was an announcement two
weeks ago with details [1].
The changes caused a handful of bots to misbehave; so far we have
identified two causes:
- some bots had a simplistic way of handling cookies that did ignored
expiration dates. The details of exactly when cookies are expired during a
login sequence have changed, and this confused those bots.
- some bots sent HTTP requests. Wikimedia officially dropped HTTP support
almost a year ago, but in practice HTTP POST requests are still accepted.
Last week started setting the 'secure' flag on all cookies which also broke
bots.
These changes have been reverted for now, but if your bot was affected,
please fix it. Bots should send all requests through HTTPS and they should
use RfC 6265 compliant cookie handling (when in doubt, use cURL cookie jars
or the standard HTTP library of your language (e.g. requests in Python);
those tend to get it right.
You can find more details in the Phabricator task tracking the issue,
T124252 [2]. If you are still seeing problems, please report them with more
details there (ideally the full API request & response, with passwords and
session and token cookies removed).
[1]
https://lists.wikimedia.org/pipermail/wikitech-l/2016-January/084501.html
[2]
https://phabricator.wikimedia.org/T124252