Session token credentials are invalid - CalDAV

Liviu08 · April 23, 2024, 10:06am

[Nextcloud Hub 7] (28.0.3)
Debian version: 11.9
Operating System: Linux 5.4.128-1-pve x86_64
CPU: Intel(R) Xeon(R) E-2288G CPU @ 3.70GHz (6 cores)
Memory: 6.00 GB

Version PHP: 8.2.16
Memory limit: 1 GB
Max execution time: 3600
Upload max size: 2 MB
OPcache Revalidate Frequency: 60
Extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, random, Reflection, SPL, session, standard, sodium, cgi-fcgi, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, imap, intl, exif, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, redis, shmop, SimpleXML, soap, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Type: mysql
Version: 10.6.17

config.php

?php
$CONFIG = array (
  'instanceid' => 'ocp0fhkzke8c',
  'passwordsalt' => 'XXX',
  'secret' => 'XXXX',
  'trusted_domains' =>
  array (
    0 => 'XXX',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'overwrite.cli.url' => 'https://XXXX',
  'dbname' => 'XXX',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'XXX',
  'dbpassword' => 'XXXX',
  'installed' => true,
  'default_phone_region' => 'LU',
  'maintenance_window_start' => 1,
  'mail_from_address' => 'XXX',
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => 'XXX',
  'mail_smtpauth' => 1,
  'mail_smtpport' => 'XXX',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'XXXX',
  'mail_smtpname' => 'XXX@XXXX',
  'mail_smtppassword' => 'XXXXX',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'maintenance' => false,
);

Apache

<VirtualHost *:443>
ServerName XXX
    
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    Redirect 301 /.well-known/carddav /remote.php/dav
    Redirect 301 /.well-known/caldav /remote.php/dav
    Redirect 301 /.well-known/webfinger /index.php/.well-known/webfinger
    Redirect 301 /.well-known/nodeinfo /index.php/.well-known/nodeinfo

    DocumentRoot /var/www/nextcloud/

    ErrorLog /var/log/apache2/error-nextcloud.log

    SSLEngine on
    SSLCertificateFile /home/XXX/ssl/cert.crt
    SSLCertificateKeyFile /home/XXX/ssl/priv.key
    SSLCertificateChainFile /home/XXX/ssl/ca-bundle

    <Directory /var/www/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>
</VirtualHost>

ERROR: "Session token credentials are invalid” a few minutes after login for all users.

in raw entry
{"reqId":"Axt8NOJ2LNkpa4qa2003","level":2,"time":"2024-04-23T10:09:51+00:00","remoteAddr":"XXXXX","user":"XXX","app":"core","method":"PROPFIND","url":"/remote.php/dav/principals/users/XXX/","message":"Session token credentials are invalid","userAgent":"Thunderbird CalDAV/CardDAV","version":"28.0.3.2","data":{"app":"core","user":"null"},"id":"662788ff3285c"}

{"reqId":"wXaCwDAvZwSGwJxHQOYj","level":2,"time":"2024-04-23T10:11:28+00:00","remoteAddr":"XXX","user":"XXX","app":"core","method":"PROPFIND","url":"/remote.php/dav/principals/users/XXX/","message":"Session token credentials are invalid","userAgent":"Thunderbird CalDAV/CardDAV","version":"28.0.3.2","data":{"app":"core","user":"null"},"id":"66278956cc8b2"}

in formmatted entry
[core] Warning: Session token credentials are invalid
PROPFIND /remote.php/dav/principals/users/XXX/
from XXX by XXX at Apr 23, 2024, 12:13:38 PM

jtr · April 23, 2024, 7:14pm

Brand new installation or recently upgraded?

Can you describe precisely how you’re setting up authentication for your users?

And are you using OAuth2 or anything like that?

Liviu08 · April 24, 2024, 6:28am

The Nextcloud I installed 1-2 month ago. We did NOT used OAuth2. We have only user and normal password.
I observed yesterday this erreur, maybe was from begining.
We used only for CALDAV with Thunderbird with URL https://XXX.XX/remote.php/dav/calendars/USERS

Liviu08 · April 24, 2024, 7:28am

I thing that I found out. Some users are login with email and some with user_id. In my list of erreurs was only user with email. I changed the User in Tundrbird to be user_ID and not they are not in list of erreur “Session token credentials are invalid”