Claire

That is weird, I have no issue logging in using TOTP. I'm unsure what could be different between our setups. The gem used for generating/checking TOTP codes also does not...

@vmstan @WhiskeyOmega if you haven't cleared TOTP parameters for your account yet, can you try a few things? From Rails 7, in a Rails console (`RAILS_ENV=production bundle exec rails c`)...

One thing I missed with the cookie situation is that when doing zero-downtime migrations we may mix Rails 7 and Rails 6 workers, in which case it will lead to...

I'm wondering if we couldn't flip the thing around: write Rails 6.1 compatible cookies and support Rails 7 cookies, then in a later version switch that around to support both...

> I think there might be a typo in the last part here? ("dropping rails 7 cookies" should be the SHA1 Rails 6 cookies?). Definitely a typo, I meant “dropping...

> Still having users mention their 2FA is broken so its not like it fixes it over time in changing from Rails 6 to 7 workers. Was anything else found...

Not quite sure what's the deal with the CI, the dependencies do install fine on my end, and the tests do all run locally. That being said, our CI config...

@Lynnesbian can you try the following in a Rails console? (`RAILS_LOG_LEVEL=debug RAILS_ENV=production bundle exec rails c`) ```ruby MediaAttachment.where(status_id: 111662284185412725).find_each do |media| media.reset_file! media.reset_thumbnail! media.save puts "file size: #{media.file_file_size}\n" end ```

I think those are good suggestions. @danielmbrasil can you use those endpoint names? (not necessarily supporting `PUT` for now)

Note that we could add application-level logic to prevent the race conditions, and move the deduplication and index creation to a post-deployment migration. This should solve the most serious downside...