I stumbled across the same issue. Usually, old tokens get cleaned up in the cron scripts, but currently (NC 24) the cron script does not include the deletion of stale login tokens anymore. The job was called DefaultTokenCleanupJob
. They removed it (accidentally?) in this PR. It is noted in the Critical changes for developers and admins for Nextcloud 24.
However, they plan to add it back in Nextcloud 25. When added back, the session_lifetime
should work again.
One can check by logging onto the mariadb/mysql process with the nextcloud credentials, select the nextcloud database, and execute select * from oc_jobs;
. From there, look for OC\Authentication\Token\DefaultTokenCleanupJob
and compare the column last_run
which is the unix timestamp.