https://bugzilla.wikimedia.org/show_bug.cgi?id=73207
--- Comment #5 from Peter Bena <benap...@gmail.com> --- (In reply to Brad Jorsch from comment #3) > (In reply to Peter Bena from comment #1) > > whether the revert token retrieved by meta query is permanent, or if it > > changes for every revert. > > A new token is not required for for every revert, although there's nothing > stopping you from fetching a new token each time if you want. > > The token returned will change each time you fetch one due to the new > time-limited token functionality,[1] but at the moment any of the returned > tokens should be valid until the session expires or something triggers a > change to the token-secret in the session. > > [1]: > https://lists.wikimedia.org/pipermail/wikitech-l/2014-October/079092.html > > > (In reply to Peter Bena from comment #2) > > Only solution for us is to revert back to > > deprecated method which may be removed entirely from MediaWiki, leaving no > > working option. > > But you yourself state in comment 0 "and even if we fallback to previous > method, the new token we get is also invalid". So how can you claim in > comment 2 that you could use that method? > > > I've just submitted a few hundred rollbacks to enwiki that passed token > validation (to avoid flooding sandbox history and the like, they were > constructed to fail with code 'alreadyrolled' which is checked after token > validation). 150 used the same session and the same token, while 300 used a > new session with a newly-fetched token for each. You didn't specify when > "peak hours" are, but I see "Reverted" around 11-14 times per minute in > Special:RecentChanges at the moment and I'd think 1 out of 150 or 1 out of > 300 would have failed if you're seeing 1 out of *20*. > > It seems to me that it's more likely you've got something wrong in your code > with respect to session cookie handling or the like. The code is open source, you are free to check it, but this used to work in past and now it doesn't. The queries were submitted just as I posted here. Maybe it would be more useful if mediawiki produced more descriptive error than "badtoken" which doesn't really say anything. According to documentation it should be valid. In same moment as when rollback token stop being valid, edit tokens are still valid. Isn't that weird? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
