Frequent logouts on all clients

Nextcloud version (eg, 12.0.2): 17.0.2
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.29
PHP version (eg, 7.1): 7.2.24

The issue you are facing:

I am seeing an issue with NextCloud clients (Web, Android, MacOS) getting logged out after 5-15 minutes. This seems to have started occurring after upgrading to 17.0.2.

Things I’ve tried:

  • increase session_lifetime in config.php
  • enable session_keepalive
  • disable bruteforce protection (lots of logins = lots of password typos)

In the log I see “Login failed” and “NotAuthenticated” messages. These don’t tell me anything I didn’t already know.

I’ve checked the cookie timeouts client-side and they look fine (and match session_lifetime). I can see session files being created in my php install.

Any suggestions for further debugging steps would be very helpful. Thanks!


Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Log in to my Nextcloud instance on Web, Android, or MacOS
  2. Wait ~10 minutes
  3. Client is automatically logged out

The output of your Nextcloud log in Admin > Logging:

Level	App	Message	Time
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:16:48+0100
Debug	webdav	Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., Username or password was incorrect, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, Username or password was incorrect	2020-01-15T16:16:44+0100
Debug	webdav	Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., Username or password was incorrect, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, Username or password was incorrect	2020-01-15T16:16:44+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:16:37+0100
Warning	core	Login failed: 'spencer' (Remote IP: '129.129.71.142')	2020-01-15T16:16:37+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:16:23+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:16:06+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:16:05+0100
Warning	core	Login failed: 'spencer' (Remote IP: '129.129.71.142')	2020-01-15T16:16:05+0100
Debug	cron	Finished OCA\Text\Cron\Cleanup job with ID 6013 in 0 seconds	2020-01-15T16:15:07+0100
Debug	text	Removed 0 inactive sessions	2020-01-15T16:15:07+0100
Debug	text	Run cleanup job for text sessions	2020-01-15T16:15:07+0100
Debug	cron	Run OCA\Text\Cron\Cleanup job with ID 6013	2020-01-15T16:15:07+0100
Debug	cron	Finished OCA\DAV\BackgroundJob\EventReminderJob job with ID 6012 in 0 seconds	2020-01-15T16:15:07+0100
Debug	cron	Run OCA\DAV\BackgroundJob\EventReminderJob job with ID 6012	2020-01-15T16:15:07+0100
Debug	cron	Finished OCA\Files_Versions\BackgroundJob\ExpireVersions job with ID 4476 in 0 seconds	2020-01-15T16:15:06+0100
Debug	cron	Run OCA\Files_Versions\BackgroundJob\ExpireVersions job with ID 4476	2020-01-15T16:15:06+0100
Debug	cron	Finished OCA\Files_Trashbin\BackgroundJob\ExpireTrash job with ID 4475 in 0 seconds	2020-01-15T16:15:06+0100
Debug	cron	Run OCA\Files_Trashbin\BackgroundJob\ExpireTrash job with ID 4475	2020-01-15T16:15:06+0100
Debug	cron	Finished OCA\Files\BackgroundJob\CleanupFileLocks job with ID 4474 in 0 seconds	2020-01-15T16:15:06+0100
Debug	cron	Run OCA\Files\BackgroundJob\CleanupFileLocks job with ID 4474	2020-01-15T16:15:06+0100
Debug	cron	Finished OCA\Support\BackgroundJobs\CheckSubscription job with ID 5214 in 0 seconds	2020-01-15T16:15:06+0100
Debug	cron	Run OCA\Support\BackgroundJobs\CheckSubscription job with ID 5214	2020-01-15T16:15:06+0100
Debug	cron	Finished OCA\Files\BackgroundJob\ScanFiles job with ID 5155 in 0 seconds	2020-01-15T16:15:05+0100
Debug	OC\Files\Cache\Scanner	!!! Path '' is not accessible or present !!!	2020-01-15T16:15:05+0100
Debug	cron	Run OCA\Files\BackgroundJob\ScanFiles job with ID 5155	2020-01-15T16:15:05+0100
Debug	cron	Finished OCA\Activity\BackgroundJob\EmailNotification job with ID 1 in 0 seconds	2020-01-15T16:15:05+0100
Debug	cron	Run OCA\Activity\BackgroundJob\EmailNotification job with ID 1	2020-01-15T16:15:05+0100
Debug	cron	Finished OCA\DAV\BackgroundJob\UpdateCalendarResourcesRoomsBackgroundJob job with ID 5210 in 0 seconds	2020-01-15T16:15:04+0100
Debug	cron	Run OCA\DAV\BackgroundJob\UpdateCalendarResourcesRoomsBackgroundJob job with ID 5210	2020-01-15T16:15:04+0100
Debug	cron	Finished OC\Core\BackgroundJobs\CleanupLoginFlowV2 job with ID 5976 in 0 seconds	2020-01-15T16:15:04+0100
Debug	cron	Run OC\Core\BackgroundJobs\CleanupLoginFlowV2 job with ID 5976	2020-01-15T16:15:04+0100
Debug	cron	Finished OC\Preview\BackgroundCleanupJob job with ID 5207 in 0 seconds	2020-01-15T16:15:04+0100
Debug	cron	Run OC\Preview\BackgroundCleanupJob job with ID 5207	2020-01-15T16:15:04+0100
Debug	cron	Finished OC\Log\Rotate job with ID 5204 in 0 seconds	2020-01-15T16:15:04+0100
Debug	cron	Run OC\Log\Rotate job with ID 5204	2020-01-15T16:15:04+0100
Debug	cron	Finished OC\Authentication\Token\DefaultTokenCleanupJob job with ID 5203 in 0 seconds	2020-01-15T16:15:03+0100
Debug	cron	Invalidating remembered session tokens older than 2019-12-31T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating session tokens older than 2020-01-01T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating remembered session tokens older than 2019-12-31T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating session tokens older than 2020-01-01T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Run OC\Authentication\Token\DefaultTokenCleanupJob job with ID 5203	2020-01-15T16:15:03+0100
Debug	cron	Finished OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 5168 in 0 seconds	2020-01-15T16:15:03+0100
Debug	cron	Run OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 5168	2020-01-15T16:15:03+0100
Debug	cron	Finished OCA\Files_Sharing\DeleteOrphanedSharesJob job with ID 5164 in 0 seconds	2020-01-15T16:15:03+0100
Debug	DeleteOrphanedSharesJob	0 orphaned share(s) deleted	2020-01-15T16:15:03+0100
Debug	cron	Run OCA\Files_Sharing\DeleteOrphanedSharesJob job with ID 5164	2020-01-15T16:15:03+0100
Debug	cron	Finished OC\Authentication\Token\DefaultTokenCleanupJob job with ID 5160 in 0 seconds	2020-01-15T16:15:03+0100
Debug	cron	Invalidating remembered session tokens older than 2019-12-31T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating session tokens older than 2020-01-01T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating remembered session tokens older than 2019-12-31T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Invalidating session tokens older than 2020-01-01T15:15:03+00:00	2020-01-15T16:15:03+0100
Debug	cron	Run OC\Authentication\Token\DefaultTokenCleanupJob job with ID 5160	2020-01-15T16:15:03+0100
Info	cli	Memcache \OC\Memcache\APCu not available for distributed cache	2020-01-15T16:15:02+0100
Info	cli	Memcache \OC\Memcache\APCu not available for local cache	2020-01-15T16:15:02+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:09:58+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:09:51+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:09:51+0100
Warning	core	Login failed: 'spencer' (Remote IP: '129.129.71.142')	2020-01-15T16:09:50+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:06:06+0100
Debug	webdav	Sabre\DAV\Exception\NotAuthenticated: No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured	2020-01-15T16:06:04+0100
Debug	webdav	Sabre\DAV\Exception\NotAuthenticated: No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured	2020-01-15T16:06:04+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	2020-01-15T16:04:02+0100

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '',
  ),
  'datadirectory' => '/mnt/clouddata/clouddata',
  'overwrite.cli.url' => 'http://x.local/cloud',
  'dbtype' => 'mysql',
  'version' => '17.0.2.1',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'owncloud',
  'dbpassword' => '',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'theme' => '',
  'loglevel' => 0,
  'updatechecker' => false,
  'trashbin_retention_obligation' => 'auto',
  'filesystem_check_changes' => 0,
  'mysql.utf8mb4' => true,
  'session_lifetime' => 1209600,
  'session_keepalive' => true,
  'auth.bruteforce.protection.enabled' => false,
  'logfile' => '/mnt/clouddata/clouddata/nextcloud.log',
);

The output of your Apache/nginx/system log in /var/log/____:

(No errors. Access log omitted due to length limit)
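
As an added example (not part of the original post and not Nextcloud code): a small parser for log entries in the shape shown above, which compares the token cleanup job's cutoffs with the configured session_lifetime and measures the gaps between 'Login failed' entries. The sample lines are copied from the posted log and joined to one line each; the function names are this example's own.

```python
import re
from datetime import datetime

# Entries copied from the log in the post above, joined to one line each.
SAMPLE_LOG = (
    "Warning\tcore\tLogin failed: 'spencer' (Remote IP: '129.129.71.142')\t2020-01-15T16:16:37+0100\n"
    "Warning\tcore\tLogin failed: 'spencer' (Remote IP: '129.129.71.142')\t2020-01-15T16:16:05+0100\n"
    "Debug\tcron\tInvalidating remembered session tokens older than 2019-12-31T15:15:03+00:00\t2020-01-15T16:15:03+0100\n"
    "Debug\tcron\tInvalidating session tokens older than 2020-01-01T15:15:03+00:00\t2020-01-15T16:15:03+0100\n"
    "Warning\tcore\tLogin failed: 'spencer' (Remote IP: '129.129.71.142')\t2020-01-15T16:09:50+0100\n"
)
SESSION_LIFETIME = 1209600  # 'session_lifetime' from the posted config.php

ENTRY = re.compile(
    r"^(Debug|Info|Warning|Error|Fatal)\t([^\t\n]+)\t(.*?)\s+"
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{4})$", re.M | re.S)
CUTOFF = re.compile(r"Invalidating (remembered )?session tokens older than (\S+)")
FAILED = re.compile(r"Login failed: '([^']*)' \(Remote IP: '([^']*)'\)")

def parse(text):
    """Yield (level, app, message, time); the time may sit on the next line."""
    for level, app, msg, ts in ENTRY.findall(text):
        yield level, app, msg.strip(), datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S%z")

def cleanup_cutoff_ages(text):
    """Seconds between each token-cleanup run and the cutoff it applied."""
    ages = {}
    for _, _, msg, when in parse(text):
        m = CUTOFF.search(msg)
        if m:
            kind = "remembered" if m.group(1) else "session"
            ages[kind] = int((when - datetime.fromisoformat(m.group(2))).total_seconds())
    return ages

def failed_login_gaps(text):
    """Per (user, ip): seconds between consecutive 'Login failed' entries."""
    times = {}
    for _, _, msg, when in parse(text):
        m = FAILED.search(msg)
        if m:
            times.setdefault(m.groups(), []).append(when)
    return {k: [int((b - a).total_seconds()) for a, b in zip(sorted(v), sorted(v)[1:])]
            for k, v in times.items()}

if __name__ == "__main__":
    ages = cleanup_cutoff_ages(SAMPLE_LOG)
    print("cleanup cutoffs (s):", ages, "matches session_lifetime:",
          ages.get("session") == SESSION_LIFETIME)
    print("gaps between failed logins (s):", failed_login_gaps(SAMPLE_LOG))
```

On these lines the session-token cutoff is exactly 1209600 seconds old, the same value as session_lifetime, so the cleanup job in this log is applying the configured lifetime and not a shorter one.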

I would assume that the cookie settings or cookie handling in the web browser are responsible for the problems, because sessions are managed using session cookies. I have, for example, had the experience that companies or users rolled out a policy for their web browsers or a web browser add-in to delete all cookies on exit or after some time, to protect privacy. Unfortunately, this caused the described effect. After they changed the policy to delete cookies when logging out from the PC, everything worked fine again.

How would I go about deleting cookies from the Mac or Android client?

Cookies are not the responsibility of the Nextcloud client app, but of the default installed web browser. So you should check the settings in the web browser configuration.

I tried clearing cache and cookies but was unsuccessful. This was unlikely to be the culprit because it occurs across browsers and devices.

One possible hint is that my Android client reports ‘SSL initialization failed’, alongside an expected ‘upload failed, log in again. Wrong username or password’. I use letsencrypt for my SSL and the certificate is current, but maybe there’s an SSL problem? The server is cloud.bliven.us.

I’m also seeing some login problems, such as ‘wrong password’ errors where I’m certain the password was correct.

I wonder if I have some problems with the access tokens. I’d like to clean out my database as much as possible: delete all existing sessions, auth tokens, etc. Can anyone provide instructions on how to do this? I’m worried about breaking my install if I delete too much. Here’s my idea:

  1. stop apache
  2. log out all clients, delete cookies (browsers), and quit clients
  3. (backup)
  4. Delete all sessions from /var/lib/php/sessions
  5. clear all log files
  6. clear the authtoken table
  7. clear the text_sessions table (currently already empty)

Am I missing any tables or files that should be deleted?

I’m also facing the problem of frequent logouts. My browser doesn’t delete cookies; I cleared the authtoken table and the bruteforce one. In the Nextcloud log I found these messages: “Sabre\DAV\Exception\NotAuthenticated: Username or password was incorrect, No ‘Authorization: Bearer’ header found. Either the client didn’t send one, or the server is mis-configured”
I tried every hint I found via Google or in this forum, but nothing works. I talked to my web hoster (I use a shared hosting offer) and he believes that there is an error using the DAV connection.
I installed a test installation which just connects to the Windows app. Normally I use calendar and contacts sync via Thunderbird (Windows) and DAVx (on 2 Android phones) and the Windows app on my laptop.
If anyone wants to check, I can send them the username and password to my test installation. My web hoster got the same error using my test installation.

Any hints what to do would be great.

Greetings
Christian