by hericium 1567 days ago
> On March 8, Google Cloud Traffic Director experienced an outage. This in coordination with a bug in a client (gRPC) library caused the Spotify outage that affected many of our users: if you were logged out of a Spotify app, you were unable to log back in.

But they don’t explain why I was logged out. I did not log out myself. Or is this “logged out” in the sense that I did not have their app active at the time of the disruption?
Logging out on a 401 is pretty common in authentication, because it gives the user an opportunity to sign in again. Maybe the problem resulted in a 401 being returned, when it would have been better to return a 500.
On the web at least it was returning 500; I guess that the desktop/mobile apps make some check at intervals. When the backend returned 500, the app thought that the current login could not be authenticated and logged out everybody.
I think some will aggressively log out even on 500s. If you log out on 500s, that's not the same as logging out on failed network requests. The server has to actually send a response, so while it will erroneously log out sometimes, in a reliable API, or one that sends errors in 200s but is otherwise reliable, it won't be so often that a whole lot of users give up. Plus some API middlewares will default to hiding error response codes for security and always send 500 no matter what the upstream response code (this assumes the error codes aren't needed by the devs because they can look at the logs).

I've seen logging out on failed network requests, but that is highly annoying, occurs frequently, and is typically just a coding mistake.

Maybe some token expired and could not be renewed. They also mentioned a bug in a client gRPC library.
Everybody was instantly logged out, which doesn’t make sense if their backend just went down, as the app normally works fine offline.
Well, not everybody, since I was logged in all week and didn't experience any downtime.
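The distinction the comments above draw between a 401, a 5xx and a failed network request, as an added example that is not part of the thread and is not Spotify's code. The names `sessionAction`, `nextDelayMs` and `replay`, the result shape and the backoff values are all hypothetical.

```javascript
// Added example: what a client does with its stored session after an
// authenticated request. Only an explicit 401 discards the credential.
const Action = Object.freeze({ KEEP: "keep", REAUTH: "reauth", RETRY: "retry" });

// result is { status: <number> } for an HTTP response, or
// { networkError: true } when no response arrived at all (assumed shape).
function sessionAction(result) {
  // No response says nothing about whether the credential is valid.
  if (result.networkError) return Action.RETRY;
  const s = result.status;
  // The server looked at the credential and rejected it.
  if (s === 401) return Action.REAUTH;
  // Backend fault or throttling: the credential was never judged.
  if (s >= 500 || s === 429) return Action.RETRY;
  // 2xx, and 4xx such as 403/404, leave the session untouched.
  return Action.KEEP;
}

// Exponential backoff with a cap, so a backend outage does not turn every
// client into a retry storm. The base and cap are constructed values.
function nextDelayMs(attempt, baseMs = 1000, capMs = 60000) {
  return Math.min(capMs, baseMs * 2 ** attempt);
}

// Replay a constructed sequence of results through the policy and report
// whether the user is still logged in and which retry delays were scheduled.
function replay(results) {
  const state = { loggedIn: true, failures: 0, delays: [] };
  for (const r of results) {
    if (!state.loggedIn) break; // session already discarded
    const action = sessionAction(r);
    if (action === Action.REAUTH) {
      state.loggedIn = false;
    } else if (action === Action.RETRY) {
      state.delays.push(nextDelayMs(state.failures));
      state.failures += 1;
    } else {
      state.failures = 0; // success resets the backoff
    }
  }
  return state;
}

// Constructed outage: three failures, then the backend recovers.
const outage = [{ status: 500 }, { networkError: true }, { status: 503 }, { status: 200 }];
console.log(replay(outage));
```

A middleware that rewrites every upstream error to 500, as one comment describes, would make a real 401 look like a retryable fault under this policy, so the auth endpoints need to pass 401 through unchanged.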