by kerbs 1459 days ago
Target's mobile apps were down over Black Friday many years back for a very similar reason – logic done on status codes.

A 403 in the API had a very specific meaning, and when the proxy layer started returning 403s everyone had a really bad time.

(That was a long day)


> A 403 in the API had a very specific meaning

And that meaning wasn't "you are authenticated as a user that can not access this resource"?

It meant the client was expected to then make a request to refresh their session token.

Because of the middle layer sending a 403 instead of the API, clients would request refresh tokens in an infinite loop.
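
The failure mode described in this thread, as an added example that is not from the thread or from any Target code: a client that refreshes its token only when a 403 carries an API-set marker, and only a bounded number of times. The header name `X-Session-Expired`, the `Response` type and the backend functions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical header that the API (not the proxy) sets when the session
# token has expired; the thread does not name any such marker.
EXPIRED_MARKER = "X-Session-Expired"

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)

class RefreshLoopError(Exception):
    """Raised instead of refreshing again once the refresh budget is spent."""

def call_with_refresh(send, refresh, token, max_refreshes=1):
    """Send a request; refresh the token only on an API-originated 403,
    at most max_refreshes times. Returns (response, refreshes_used)."""
    refreshes = 0
    while True:
        resp = send(token)
        if resp.status != 403:
            return resp, refreshes
        if EXPIRED_MARKER not in resp.headers:
            # 403 from some other layer (e.g. a proxy): surface it to the
            # caller rather than treating it as "token expired".
            return resp, refreshes
        if refreshes >= max_refreshes:
            raise RefreshLoopError("403 persists after token refresh")
        token = refresh(token)
        refreshes += 1

# Constructed backends standing in for the API and the proxy layer.
def api_expired_once(token):
    if token == "old":
        return Response(403, {EXPIRED_MARKER: "1"})
    return Response(200)

def proxy_always_403(token):
    return Response(403)  # no marker: the middle layer is rejecting

def api_always_expired(token):
    return Response(403, {EXPIRED_MARKER: "1"})

def refresh(token):
    return "new"  # constructed token value
```
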