From d9cf33265dc087bd0e59d51ff3f1abbac8ee46ad Mon Sep 17 00:00:00 2001 From: uprightbass360 Date: Sun, 15 Feb 2026 23:06:22 -0500 Subject: [PATCH] Fix rate limiting by reusing global session cookies for all channels Per-channel cookie jars start empty, which forces a separate login API call for each channel playback request. When a user browses channels and then plays one, the rapid back-to-back login calls to the SiriusXM API trigger server-side rate limiting (HTTP 500 on modify/authentication), preventing both channel listing and stream playback from working. This change makes get_channel_cookie_jar() always return the global cookie jar, so all channel requests share the single authenticated session established at proxy startup. The existing session-expiry and re-authentication logic continues to handle token refreshes as needed. --- Plugins/SiriusXM/Bin/sxm.pl | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/Plugins/SiriusXM/Bin/sxm.pl b/Plugins/SiriusXM/Bin/sxm.pl index 8ad4caa..33d91ce 100755 --- a/Plugins/SiriusXM/Bin/sxm.pl +++ b/Plugins/SiriusXM/Bin/sxm.pl @@ -403,17 +403,16 @@ sub new { # Get or create cookie jar for a specific channel sub get_channel_cookie_jar { my ($self, $channel_id) = @_; - - # If no channel_id specified, use global cookie jar for backward compatibility - return $self->{ua}->cookie_jar unless $channel_id; - - # Create channel-specific cookie jar if it doesn't exist - if (!exists $self->{channel_cookies}->{$channel_id}) { - $self->{channel_cookies}->{$channel_id} = HTTP::Cookies->new; - main::log_debug("Created new cookie jar for channel: $channel_id"); - } - - return $self->{channel_cookies}->{$channel_id}; + + # Always reuse the global cookie jar for all channels. + # Per-channel cookie jars start empty, forcing a separate login call + # for each channel playback request. Rapid back-to-back logins to the + # SiriusXM API trigger server-side rate limiting (HTTP 500), which + # prevents both channel listing and stream playback from working. + # Sharing the global session avoids redundant authentication while + # still allowing the existing session-expiry/re-auth logic to handle + # token refreshes when needed. + return $self->{ua}->cookie_jar; } # Set the user agent to use a specific channel's cookie jar