this post was submitted on 11 Jul 2023
14 points (93.8% liked)

Programming.dev Meta

[–] canpolat 14 points 1 year ago* (last edited 1 year ago) (1 children)

Here is my understanding:

Recently, a security vulnerability of Lemmy has been exploited by some malicious actors. This led to some instances going down. The vulnerability has been fixed with version 0.18.2-rc.1 of lemmy-ui. But due to the way Lemmy issues and uses access tokens, the sessions have been invalidated in the database. So, the admins are recommending that users log out and log back in if they haven't done so after the upgrade to version 0.18.2-rc.1 of lemmy-ui.

But I may be wrong. Perhaps others can provide a more accurate description.

[–] jormaig 2 points 1 year ago (1 children)

I'm in jerboa but everything seems to continue working. Is this normal?

[–] canpolat 2 points 1 year ago

To be honest, I cannot be sure that session invalidation actually worked. I could use the session from the day before as well. But the vulnerability was in lemmy-ui, and people not using the web site directly should be fine, I guess. If you want to be on the safe side, you can log out and log back in. It takes only a few seconds.

[–] Lodra 2 points 1 year ago (1 children)

Where are you seeing this happen?

Usually, a "session" represents a client being logged into a server. For example, when you log into a website like GitHub, a user session is created and bits of it are stored in cookies in your browser. This is what allows you to continue clicking around the website for a while without having to enter credentials constantly.

A session being invalidated usually means that the system has decided that you are no longer authenticated. For example, GitHub hasn't seen you clicking around the site for 60 minutes and so it logs you out. But there are many reasons why this will happen. If you want to use the site again, you have to log back in.

FYI, this type of security is pretty basic stuff for web development. There's loads of info available if you want to learn more.

[–] canpolat 3 points 1 year ago (1 children)

> Where are you seeing this happen?

It's at the top of the page when you visit programming.dev in a browser. I tried to explain what I know about it in a sibling comment.

Sessions have been invalidated

[–] choroalp 1 points 1 year ago
[–] SuperFola 2 points 1 year ago

It means that you need to log back in, because the server forced you to disconnect.
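
As an added illustration of the server-side session invalidation discussed in this thread (not code from Lemmy or from any commenter): a signed access token that records its issue time, and a per-user cutoff that makes the server reject every token issued at or before it. The token format, the `SessionStore` class and the key are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed value for the example, not a real key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())


def issue_token(user: str, now: int) -> str:
    """Return 'payload.signature'; the payload records the user and issue time."""
    payload = _b64(json.dumps({"sub": user, "iat": now}).encode())
    return f"{payload}.{_sign(payload)}"


class SessionStore:
    """Hypothetical server-side state: one invalidation cutoff per user."""

    def __init__(self):
        self.cutoff = {}  # user -> unix time of the last forced logout

    def invalidate_all(self, users, now: int) -> None:
        # Nothing is deleted on the client; old tokens simply stop being accepted.
        for user in users:
            self.cutoff[user] = now

    def check(self, token: str):
        """Return the user name if the token is still accepted, else None."""
        try:
            payload, sig = token.split(".")
            if not hmac.compare_digest(sig, _sign(payload)):
                return None  # forged or altered token
            padded = payload + "=" * (-len(payload) % 4)
            claims = json.loads(base64.urlsafe_b64decode(padded))
            user, iat = claims["sub"], claims["iat"]
        except (ValueError, KeyError, TypeError):
            return None  # malformed token
        cutoff = self.cutoff.get(user)
        # Reject tokens issued at or before the cutoff, so a token minted
        # in the same second as the forced logout cannot survive it.
        if cutoff is not None and iat <= cutoff:
            return None
        return user
```

A token that verifies cryptographically keeps working until the server compares its issue time against the cutoff, which is why logging in again (obtaining a token issued after the cutoff) restores access.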