Nextcloud session close itself very often

Nextcloud version : Nextcloud Hub 3 (25.0.2)
Operating system and version : Ubuntu 22.04
nginx version : 1.18.0
PHP version : 8.0.22

The issue you are facing: even when workin in nextcloud (editing a document with onlyoffice) the session close each 10 minutes.

I have configure in php.ini :
session.gc_maxlifetime = 86400
=> so it should close each days…

I have in the config.phpo of nextcloud :
‘session_lifefime’ => 86400,
‘session_keepalive’ => true,
‘remember_login_cookie_lifetime’ => 1296000,

I use keycloak to connect to my session. (and the token is still valid (I just have to click on the keycloak buton on main page to return to the document.

where can configure to keep session open at least some hours…

Manythanks

1 Like

Some more information

  • The timeout seem’s to be precisly 10 minutes.
  • I try to autenticate with an ldap and get the same timout / deconnect

I try to find something in the log :
for both keycloak or Ldap it seem’s my “user” is no more known…

With LDAP:

{“reqId”:“vm2zK5sv5YNRQXwvHNE1”,“level”:0,“time”:“2023-01-16T21:37:59+00:00”,“remoteAddr”:“192.168.0.254”,“user”:“–”,“app”:“no app in context”,“method”:“GET”,“url”:“/apps/files/ajax/getstoragestats?dir=%2FCopro”,“message”:“OC_App::registerLogIn() is deprecated, please register your alternative login option using the registerAlternativeLogin() on the RegistrationContext in your Application class implementing the OCP\Authentication\IAlternativeLogin interface”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0”,“version”:“25.0.2.3”,“data”:}

and just after a lon messaghe with inside

“CustomMessage”:“Current user is not logged in”}

With Keycloak:

{“reqId”:“dwMqPjRcppXXnq2YSqjO”,“level”:0,“time”:“2023-01-16T21:18:03+00:00”,“remoteAddr”:“192.168.0.254”,“user”:“–”,“app”:“no app in context”,“method”:“PROPFIND”,“url”:“/remote.php/dav/files/xxxxxxxx”,“message”:“OC_App::registerLogIn() is deprecated, please register your alternative login option using the registerAlternativeLogin() on the RegistrationContext in your Application class implementing the OCP\Authentication\IAlternativeLogin interface”,“userAgent”:“Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0”,“version”:“25.0.2.3”,“data”:}

and just after a lon messaghe with inside

“message”:“No Bearer token”

any idee where to look at ?
It seem’s the information of current user disapear…

I can’t say anything about LDAP but I don’t see such issues with Keycloak. Session definitely survive longer than 15min… when “remember me” is chosen it even survives days including browser restart, closed tabs etc…

But you need to allow such session on KC side and advise the browser to remember cookies from KC host (not only NC)…

Thanks for help

Not sure to understand…
I try to go into firefoxe to set exception on cookie but it does not change…

And by the way I think the problem it more in my nextcloud conf.
I set in the config.php

‘session_lifefime’ => 300,

but it still close after 10 minutes, not 5 minutes…

Some more tests it is not 15 minutes but 10 minutes in fact (I have corrected above…)

I have try to change the folowing parameter :

‘remember_login_cookie_lifetime’ => 60 * 60 * 24 * 15,
‘session_lifetime’ => 60 * 60 * 24,
‘session_relaxed_expiry’ => false,
‘session_keepalive’ => true,
‘auto_logout’ => false,

And I have check in firefox the cookies life time :
either they are very long, either limited to the session
=> and I think session is manage by nextcloud…

any other idee or test to do to go further ?

Still with this timeout problem…
I was wondering if it could be my nginx (acting like proxy) who could filter some token?

Hello

I think I found something!!!

When I put the parameter (in config.php):

‘token_auth_enforced’ => true,

It works !! my session stay active more than 10 minutes :slight_smile:

BUT the calDAV and CardDAV from IOS device no more works (I did not test with android devices)

If I put it back to

‘token_auth_enforced’ => false,

CalDAV ans CarddDAV synchro work again, but session last only 10 minutes…

Is there another parameter to set with ‘token_auth_enforced’ => true or false to hve both behaviour working???

The documentation says :

Enforce token authentication for clients, which blocks requests using the user password for enhanced security. Users need to generate tokens in personal settings which can be used as passwords on their clients.

But I would prefer to avoid to creat a token for each user who need the CalDAV / CardDAV…

1 Like

Did you ever got this sorted out? Looks like my users experience the same, haven’t changed anything from the default settings yet.

No I have creat token for each user…
But since last year NC a increase version.
I will try again to see if I get stil this error and let you know

1 Like

For information I put “‘token_auth_enforced’ => false” since to day and no more 10 minute session problem.
It seem’s it has been corrected in the new versions (in my case at least)

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.