CSRF check failed with custom session.save_path directory


I have a new installation of the Nextcloud 15.0.2 at a shared hoster.
At this shared hoster I must changed the default session.save_path directory within the php.ini file, because the default path /tmp is only writeable and so I had a login loop. Sometimes the login was succesful but then I will be logged out automatically after a few seconds.

With the changed session.save_path the login always works. But now I have the problem that I have a “CSRF check failed” error when I open the user manager and the user manager shows no users.

The access rights of my new session.save_path directory is right, the webserver user has write and read access. I already tested it with the rights 777.

Without the change of the session.save_path I can see my own user and I can create a new user before I will be logged out automatically.

I don’t know if the “CSRF check failed” is my main problem so I want to test is without CSRF check. Is it possible to deactivate the CSRF check?
Any other ideas why I get the CSRF check error or what this error has to do with the session.save_path?

I had also changed the Nextcloud tempdirectory within the config.php, access rights should be ok.


1 Like

It perhaps a hosting settings. Usually for the Nextcloud use VDS/VPS server, if you want to host on hosting.