this post was submitted on 11 Jul 2023
14 points (93.8% liked)

Programming.dev Meta

2606 readers
6 users here now

Welcome to the Programming.Dev meta community!

This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.

Links

Credits

founded 2 years ago
MODERATORS
snowe
Ategon
14
What does "Sessions have been invalidated. You will need to log out and log back in." mean? (self.meta)
submitted 2 years ago by choroalp to c/meta
7 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] canpolat 14 points 2 years ago* (last edited 2 years ago) (1 children)

Here is my understanding:

Recently, a security vulnerability of Lemmy has been exploited by some malicious actors. This lead to some instances going down. The vulnerability has been fixed with version 0.18.2-rc.1 of lemmy-ui. But due to the way Lemmy issues and uses access tokens, the sessions has been invalidated in the database. So, the admins are recommending the users to log out and log back in if they haven't done so after the upgrade to version 0.18.2-rc.1 of lemmy-ui.

But I may be wrong. Perhaps others can provide a more accurate description.

[–] jormaig 2 points 2 years ago (1 children)

I'm in jerboa but everything seems to continue working. Is this normal?

[–] canpolat 2 points 2 years ago

To be honest, I cannot be sure that session invalidation actually worked. I could use the session from the day before as well. But the vulnerability was in lemmy-ui, and people not using the web site directly should be fine, I guess. If you want to be on the safe side, you can log out and log back in. It takes only a few seconds.