Skip to content

Do not forcibly log out user if user retrieval fails with a server error code#36897

Merged
peppy merged 2 commits intoppy:masterfrom
bdach:dont-logout-on-500s
Mar 10, 2026
Merged

Do not forcibly log out user if user retrieval fails with a server error code#36897
peppy merged 2 commits intoppy:masterfrom
bdach:dont-logout-on-500s

Conversation

@bdach
Copy link
Copy Markdown
Collaborator

@bdach bdach commented Mar 9, 2026
edited by peppy
Loading

This behaviour caused users to get forcibly logged out of the game during yesterday's redis outage.

From one case where logs were provided:

  • User had repeated timeouts on API requests; consequently, API went into failing state

  • On one of the login retries /api/v2/me returned a 500 with no error details ({"error":null} JSON response) which resulted in an instant logout as per

    osu/osu.Game/Online/API/APIAccess.cs

    Lines 323 to 324 in 7263551

    log.Add($@"Login failed for username {ProvidedUsername} on user retrieval ({LastLoginError.Message})!");
    Logout();

This PR intends to only forcibly log the user out if the returned error code indicates a client error. If it is a server error, the login is preserved and a normal retry loop proceeds.

This can be tested with a local web instance via following steps:

  1. Start osu-web and a client instance connected to it.
  2. Log in on the client instance.
  3. Kill (^C) osu-web.
  4. Trigger a few requests in the client and wait for enough of them to fail for the API to change to Failing state.
  5. Apply
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index db34639abf2..392a844882a 100644
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -581,6 +581,8 @@ class UsersController extends Controller
      */
     public function me($mode = null)
     {
+        abort(500);
+
         $user = \Auth::user();
         $currentMode = $mode ?? $user->playmode;
  1. Start osu-web again.
  2. On master this will log the user out forcibly. On this PR, the user will remain in Failing state.
  3. Undo patch from step (5) (restarting web is not required).
  4. On this PR, the client will be logged back in.

Of particular note, if in the above scenario you apply an abort(403) or similar in step (5), the user will still get forcibly logged out.

@bdach
Do not forcibly log out user if user retrieval fails with a server er…
0c43425 
…ror code

This behaviour caused users to get forcibly logged out of the game
during yesterday's redis outage.

From one case where logs were provided
(https://discord.com/channels/188630481301012481/1097318920991559880/1480201862610423933):

- User had repeated timeouts on API requests; consequently, API went
  into failing state
- On one of the login retries `/api/v2/me` returned a 500 with no error
  details (`{"error":"null}` JSON response) which resulted in
  an instant logout as per

  https://github.com/ppy/osu/blob/7263551aa868911a7d9148cf2cb16f9e0325f531/osu.Game/Online/API/APIAccess.cs#L323-L324

This PR intends to only forcibly log the user out if the returned error
code indicates a client error. If it is a server error, the login is
preserved and a normal retry loop proceeds.

This can be tested with a local web instance via following steps:

1. Start `osu-web` and a client instance connected to it.
2. Log in on the client instance.
3. Kill (`^C`) `osu-web`.
4. Trigger a few requests in the client and wait for enough of them to
   fail for the API to change to `Failing` state.
5. Apply

```diff
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index db34639abf2..392a844882a 100644
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -581,6 +581,8 @@ class UsersController extends Controller
      */
     public function me($mode = null)
     {
+        abort(500);
+
         $user = \Auth::user();
         $currentMode = $mode ?? $user->playmode;

```

6. Start `osu-web` again.
7. On master this will log the user out forcibly. On this PR, the user
   will remain in `Failing` state.
8. Undo patch from step (5) (restarting web is not required).
9. On this PR, the client will be logged back in.
@bdach bdach requested a review from peppy March 9, 2026 10:32
@bdach bdach self-assigned this Mar 9, 2026
@bdach bdach added the area:online functionality Deals with online fetching / sending but don't change much on a surface UI level. label Mar 9, 2026
@bdach bdach moved this from Inbox to Pending Review in osu! team task tracker Mar 9, 2026
peppy
peppy approved these changes Mar 10, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@peppy peppy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test

@peppy peppy merged commit caffc72 into ppy:master Mar 10, 2026
8 checks passed
@github-project-automation github-project-automation bot moved this from Pending Review to Done in osu! team task tracker Mar 10, 2026
@bdach bdach deleted the dont-logout-on-500s branch March 10, 2026 06:38
This was referenced Mar 16, 2026
Closed
Closed
Closed
Closed
Open
Closed
Merged
Merged
Closed
Closed
Merged
Closed
Closed
This was referenced Apr 6, 2026
Closed
Closed
This was referenced Apr 6, 2026
Closed
Open
Merged
Closed
Closed
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peppy peppy peppy approved these changes

Assignees

@bdach bdach

Labels

area:online functionality Deals with online fetching / sending but don't change much on a surface UI level. size/S

Projects

osu! team task tracker
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bdach @peppy