Session Issue a few issues

Support intro

Nextcloud version : 13.0.5
Operating system and version : Debian 8 / Plesk Onyx /
Apache or nginx version : Apache 2.4.10-10+deb8u12
PHP version:PHP 7.2.8 / PHP MPM Event

I use 2 Nextcloud accounts, 1 user account called David and 1 admin account called Admin.
I log in to my Nextcloud user account. Then I surf a bit and then log out. The login page is shown.
After 3-4 hours I would like to log in again. But I’m immediately forwarded to the page index.php/apps/files/?dir=/&fileid=169 when calling the Nextcloud address.
I do not need to log in anymore.
If I delete all cookies in the browser, I have to log in again.

The 2nd problem is, when I am logged in as Admin and surfing the Web UI a bit, the message appeared at once:
User must be an Admin.
I look at the top right at the logged-in user and am amazed. All of a sudden, I am logged in as the user David and no longer as an admin. I thought it was a problem with the cookies or the sessions and adjusted the following values in the config.php:
'session_lifetime' => 60,
'session_keepalive' => true,

But there is no change.

Is this the first time you’ve seen this error? (Y/N): Yes

Steps to replicate it:

  1. Login
  2. Logout
  3. Surf to nextcloud Login

The output of your Nextcloud log in Admin > Logging:

snip.....

{"reqId":"W2ciP8MiU@UAADPtxy8AAAAU","level":3,"time":"2018-08-05T16:13:52+00:00","remoteAddr":"95.90.203.231","user":"David","app":"PHP","method":"GET","url":"\/index.php\/apps\/bookmarks\/public\/rest\/v2\/bookmark","message":"Undefined index: PHP_AUTH_PW at \/var\/www\/vhosts\/next.nextclouddomaindomain.de\/httpdocs\/lib\/private\/AppFramework\/Middleware\/Security\/CORSMiddleware.php#89","userAgent":"Mozilla\/5.0 (Android 7.0; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.5.2"}
{"reqId":"W2ciP8MiU@UAADPtxy8AAAAU","level":3,"time":"2018-08-05T16:13:58+00:00","remoteAddr":"95.90.203.231","user":"--","app":"admin_audit","method":"GET","url":"\/index.php\/apps\/bookmarks\/public\/rest\/v2\/bookmark","message":"$params[\"uid\"] was missing.","userAgent":"Mozilla\/5.0 (Android 7.0; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.5.2"}
{"reqId":"W2ciP8MiU@UAADPtxy8AAAAU","level":3,"time":"2018-08-05T16:13:58+00:00","remoteAddr":"95.90.203.231","user":"--","app":"no app in context","method":"GET","url":"\/index.php\/apps\/bookmarks\/public\/rest\/v2\/bookmark","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"key uid is expected to be set in $param\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/legacy\\\/hook.php(106): OC\\\\User\\\\Database::preLoginNameUsedAsUserName(Array)\\n#1 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/public\\\/Util.php(490): OC_Hook::emit('\\\\\\\\OCA\\\\\\\\Files_Shar...', 'preLoginNameUse...', Array)\\n#2 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/User\\\/Session.php(453): OCP\\\\Util::emitHook('\\\\\\\\OCA\\\\\\\\Files_Shar...', 'preLoginNameUse...', Array)\\n#3 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/User\\\/Session.php(406): OC\\\\User\\\\Session->isTwoFactorEnforced(NULL)\\n#4 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/AppFramework\\\/Middleware\\\/Security\\\/CORSMiddleware.php(93): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#5 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/AppFramework\\\/Middleware\\\/MiddlewareDispatcher.php(94): OC\\\\AppFramework\\\\Middleware\\\\Security\\\\CORSMiddleware->beforeController(Object(OCA\\\\Bookmarks\\\\Controller\\\\Rest\\\\BookmarkController), 'getBookmarks')\\n#6 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(90): OC\\\\AppFramework\\\\Middleware\\\\MiddlewareDispatcher->beforeController(Object(OCA\\\\Bookmarks\\\\Controller\\\\Rest\\\\BookmarkController), 'getBookmarks')\\n#7 
\\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OCA\\\\Bookmarks\\\\Controller\\\\Rest\\\\BookmarkController), 'getBookmarks')\\n#8 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('BookmarkControl...', 'getBookmarks', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#9 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#10 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#11 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/base.php(999): OC\\\\Route\\\\Router->match('\\\/apps\\\/bookmarks...')\\n#12 \\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/index.php(42): OC::handleRequest()\\n#13 {main}\",\"File\":\"\\\/var\\\/www\\\/vhosts\\\/next.nextclouddomaindomain.de\\\/httpdocs\\\/lib\\\/private\\\/User\\\/Database.php\",\"Line\":375}","userAgent":"Mozilla\/5.0 (Android 7.0; Mobile; rv:61.0) Gecko\/61.0 Firefox\/61.0","version":"13.0.5.2"}
{"reqId":"W2ciP


Domain is changed for security reasons (next.nextclouddomaindomain.de)

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'security',
  'passwordsalt' => 'security',
  'secret' => 'security',
  'trusted_domains' => 
  array (
    0 => 'security.de',
  ),
  'datadirectory' => '/var/www/vhosts/security/httpdocs/data',
  'overwrite.cli.url' => 'https://security',
  'dbtype' => 'mysql',
  'version' => '13.0.5.2',
  'dbname' => 'security',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'security',
  'dbpassword' => 'security',
  'installed' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => array (
    'host' => 'localhost',
    'port' => 6379,
    'password' => 'security',
    'timeout' => 0.0,
  ),
#'memcache.local' => '\\OC\\Memcache\\APCu',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'session_lifetime' => 60,  // value is in seconds
  'session_keepalive' => true,
);

The output of your Apache/nginx/system log in /var/log/____:

[Sun Aug 05 05:40:55.019489 2018] [ssl:warn] [pid 10809:tid 140226439591808] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 05:40:55.019746 2018] [ssl:warn] [pid 10809:tid 140226439591808] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 05:40:55.020109 2018] [ssl:warn] [pid 10809:tid 140226439591808] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 05:40:55.035201 2018] [mpm_event:notice] [pid 10809:tid 140226439591808] AH00489: Apache/2.4.10 (Debian) OpenSSL/1.0.1t Apache mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Aug 05 05:40:55.035249 2018] [core:notice] [pid 10809:tid 140226439591808] AH00094: Command line: '/usr/sbin/apache2'
[Sun Aug 05 16:51:01.248219 2018] [mpm_event:notice] [pid 10809:tid 140226439591808] AH00491: caught SIGTERM, shutting down
[Sun Aug 05 16:51:04.008959 2018] [ssl:warn] [pid 13287:tid 140335223596928] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:04.009431 2018] [ssl:warn] [pid 13287:tid 140335223596928] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:04.009836 2018] [ssl:warn] [pid 13287:tid 140335223596928] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:04.010001 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Sun Aug 05 16:51:04.010011 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Sun Aug 05 16:51:04.010018 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[Sun Aug 05 16:51:04.010023 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: LUA compiled version="Lua 5.1"
[Sun Aug 05 16:51:04.010027 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: LIBXML compiled version="2.9.1"
[Sun Aug 05 16:51:04.010031 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: Original server signature: Apache
[Sun Aug 05 16:51:04.010035 2018] [:notice] [pid 13287:tid 140335223596928] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Sun Aug 05 16:51:04.010526 2018] [suexec:notice] [pid 13287:tid 140335223596928] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sun Aug 05 16:51:05.002734 2018] [ssl:warn] [pid 13289:tid 140335223596928] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:05.003035 2018] [ssl:warn] [pid 13289:tid 140335223596928] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:05.003354 2018] [ssl:warn] [pid 13289:tid 140335223596928] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 16:51:05.014892 2018] [mpm_event:notice] [pid 13289:tid 140335223596928] AH00489: Apache/2.4.10 (Debian) OpenSSL/1.0.1t Apache mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Aug 05 16:51:05.014942 2018] [core:notice] [pid 13289:tid 140335223596928] AH00094: Command line: '/usr/sbin/apache2'
[Sun Aug 05 18:40:51.492137 2018] [mpm_event:notice] [pid 13289:tid 140335223596928] AH00491: caught SIGTERM, shutting down
[Sun Aug 05 18:40:54.002436 2018] [ssl:warn] [pid 20997:tid 140528423704448] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:54.002692 2018] [ssl:warn] [pid 20997:tid 140528423704448] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:54.003013 2018] [ssl:warn] [pid 20997:tid 140528423704448] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:54.003126 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Sun Aug 05 18:40:54.003132 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Sun Aug 05 18:40:54.003136 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[Sun Aug 05 18:40:54.003139 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: LUA compiled version="Lua 5.1"
[Sun Aug 05 18:40:54.003144 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: LIBXML compiled version="2.9.1"
[Sun Aug 05 18:40:54.003148 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: Original server signature: Apache
[Sun Aug 05 18:40:54.003151 2018] [:notice] [pid 20997:tid 140528423704448] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Sun Aug 05 18:40:54.003477 2018] [suexec:notice] [pid 20997:tid 140528423704448] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sun Aug 05 18:40:55.002506 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:55.002762 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:55.003037 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Sun Aug 05 18:40:55.008240 2018] [mpm_event:notice] [pid 20998:tid 140528423704448] AH00489: Apache/2.4.10 (Debian) OpenSSL/1.0.1t Apache mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Aug 05 18:40:55.008286 2018] [core:notice] [pid 20998:tid 140528423704448] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 06 05:36:18.681638 2018] [mpm_event:notice] [pid 20998:tid 140528423704448] AH00493: SIGUSR1 received.  Doing graceful restart


.......

Mon Aug 06 05:36:22.007378 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 05:36:22.007631 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 05:36:22.007964 2018] [ssl:warn] [pid 20998:tid 140528423704448] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 05:36:22.025136 2018] [mpm_event:notice] [pid 20998:tid 140528423704448] AH00489: Apache/2.4.10 (Debian) OpenSSL/1.0.1t Apache mod_fcgid/2.3.9 configured -- resuming normal operations
[Mon Aug 06 05:36:22.025166 2018] [core:notice] [pid 20998:tid 140528423704448] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 06 10:05:31.579884 2018] [mpm_event:notice] [pid 20998:tid 140528423704448] AH00491: caught SIGTERM, shutting down
[Mon Aug 06 10:05:33.003127 2018] [ssl:warn] [pid 19912:tid 140345550935936] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:33.003406 2018] [ssl:warn] [pid 19912:tid 140345550935936] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:33.003651 2018] [ssl:warn] [pid 19912:tid 140345550935936] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:33.003750 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Mon Aug 06 10:05:33.003755 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Mon Aug 06 10:05:33.003760 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[Mon Aug 06 10:05:33.003764 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: LUA compiled version="Lua 5.1"
[Mon Aug 06 10:05:33.003767 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: LIBXML compiled version="2.9.1"
[Mon Aug 06 10:05:33.003771 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: Original server signature: Apache
[Mon Aug 06 10:05:33.003774 2018] [:notice] [pid 19912:tid 140345550935936] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Mon Aug 06 10:05:33.004089 2018] [suexec:notice] [pid 19912:tid 140345550935936] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Aug 06 10:05:34.002321 2018] [ssl:warn] [pid 19913:tid 140345550935936] AH01909: webmail.security.tld.de:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:34.002574 2018] [ssl:warn] [pid 19913:tid 140345550935936] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:34.002870 2018] [ssl:warn] [pid 19913:tid 140345550935936] AH01909: default-195_34_83_229:443:0 server certificate does NOT include an ID which matches the server name
[Mon Aug 06 10:05:34.007572 2018] [mpm_event:notice] [pid 19913:tid 140345550935936] AH00489: Apache/2.4.10 (Debian) OpenSSL/1.0.1t Apache mod_fcgid/2.3.9 configured -- resuming normal operations
[Mon Aug 06 10:05:34.007601 2018] [core:notice] [pid 19913:tid 140345550935936] AH00094: Command line: '/usr/sbin/apache2'

......

I would say you have a cache or browser problem, because I do exactly as you do with Chrome/Edge/Opera (latest updates done), and I don't have those problems concerning the user/admin account switch.

The second thing that bothers me a lot is "server certificate does NOT include an ID which matches the server name".
It seems you have a bad or old root certificate. You must have a mismatch between your conf files (paths, location or else) and Plesk.
Are you by any bad luck using a GeoTrust cert? It appears they had some malformed certs back in May 18 …
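Added example, not part of the original posts: a triage script for the Nextcloud JSON log quoted in the first post, which flags requests whose `user` field changes under one `reqId` (as in the excerpt, `David` then `--`) and clients that appear under more than one account name. The sample lines, addresses, reqIds and user agents are constructed; only the field names and the `--` placeholder come from the excerpt.

```python
import json
from collections import defaultdict

# Constructed sample in the same JSON-lines shape as the excerpt above.
# The last line is cut off on purpose, like the truncated entry in the post.
SAMPLE_LOG = """\
{"reqId":"req-A","time":"2018-08-05T16:13:52+00:00","remoteAddr":"192.0.2.10","user":"David","userAgent":"UA-mobile","url":"/index.php/apps/bookmarks/public/rest/v2/bookmark"}
{"reqId":"req-A","time":"2018-08-05T16:13:58+00:00","remoteAddr":"192.0.2.10","user":"--","userAgent":"UA-mobile","url":"/index.php/apps/bookmarks/public/rest/v2/bookmark"}
{"reqId":"req-B","time":"2018-08-05T17:00:01+00:00","remoteAddr":"192.0.2.20","user":"Admin","userAgent":"UA-desktop","url":"/index.php/settings/users"}
{"reqId":"req-C","time":"2018-08-05T17:00:09+00:00","remoteAddr":"192.0.2.20","user":"David","userAgent":"UA-desktop","url":"/index.php/settings/users"}
{"reqId":"W2ciP
"""

def parse(text):
    """Yield log entries, skipping lines that are truncated or not JSON objects."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and "reqId" in entry:
            yield entry

def identity_changes(entries):
    """Return (kind, key, users) findings.

    'within-request': one reqId logged under more than one user value.
    'same-client':    one remoteAddr + userAgent pair seen as several named users.
    """
    by_req, by_client = defaultdict(list), defaultdict(list)
    for e in entries:
        user = e.get("user", "--")
        if user not in by_req[e["reqId"]]:
            by_req[e["reqId"]].append(user)
        client = (e.get("remoteAddr"), e.get("userAgent"))
        if user != "--" and user not in by_client[client]:  # "--" = no user in context
            by_client[client].append(user)
    findings = [("within-request", r, u) for r, u in by_req.items() if len(u) > 1]
    findings += [("same-client", c, u) for c, u in by_client.items() if len(u) > 1]
    return findings

if __name__ == "__main__":
    for finding in identity_changes(parse(SAMPLE_LOG)):
        print(finding)
```

Several people behind one address with identical browsers will also produce a `same-client` hit, so treat a match as a lead to compare against session and cookie state rather than as proof of a session mix-up.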