Support intro
Sorry to hear you’re facing problems. 
The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.
If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.
Getting help
In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.
Before clicking submit: Please check if your query is already addressed via the following resources:
- Official documentation (searchable and regularly updated)
- How to topics and FAQs
- Forum search
(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).
Environment
- Nextcloud server:
- OS: Ubuntu Server 24.04 LTS (KVM VM)
- Clients affected:
- Nextcloud Desktop Client (Windows, mirall 3.17.0 build 20250813)
- Web UI in Microsoft Edge (Windows 10)
- Access: via
https://nextcloud.<MYDOMAIN>.de(Let’s Encrypt TLS, reverse proxy on Apache2) - Config highlights:
overwritehostandoverwriteprotocolset correctly- Redis enabled for locking + APCu for local cache
- No reverse-proxy hostname mismatches
The Basics
- Nextcloud Server version (e.g., 29.x.x):
- 31.0.8.1
- Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu Server 24.04 LTS (KVM VM)
- Web server and version (e.g, Apache 2.4.25):
- Apache 2.4.58
- Reverse proxy and version _(e.g. nginx 1.27.2)
- Apache2
- PHP version (e.g, 8.3):
- PHP 8.3
- Is this the first time you’ve seen this error? (Yes / No):
- Yes (started recently)
- When did this problem seem to first start?
- after installing NC 31.0.8.1 (don´t remember seeing with 31.0.7)
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Installed regular Nextcloud release from official archive under Ubuntu Server (VM on Ubuntu KVM host)
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
- No
Summary of the issue you are facing:
UPDATE: The client was updated today to 3.17.1 (Windows) and since I logged in, the disconnect did not yet happen (several hours - while previously the disconnect happend within 10-30min typically) - will keep monitoring.
I’m running into persistent session problems with my Nextcloud setup and wanted to check if others are experiencing the same. Both the desktop client and the browser session get logged out repeatedly.
The desktop client will show “offline” after a while and requires re-authentication.
In the logs, I consistently see “Session token credentials are invalid” and login failures, even though I have not changed the password and the tokens are still present. Highly unreliable.
Steps to replicate it:
- Log in with the Windows desktop client using app password / device flow.
- Let the client sync for a few minutes.
- Wait — within ~10–15 minutes the client shows “offline” and the log shows session invalidation.
- Browser sessions also drop at random intervals with the same message.
Log entries
(log excerpts)
{"level":2,"time":"2025-08-19T07:48:19+00:00","remoteAddr":"192.168.1.152","user":"marcus","app":"core","method":"GET","url":"/index.php/apps/files/api/v1/stats","message":"Login failed: 'marcus'"}
{"level":2,"time":"2025-08-19T07:48:19+00:00","remoteAddr":"192.168.1.152","user":"marcus","app":"core","method":"GET","url":"/index.php/apps/files/api/v1/stats","message":"Session token credentials are invalid"}
{"level":2,"time":"2025-08-19T07:52:11+00:00","remoteAddr":"192.168.1.152","user":"--","app":"core","method":"PROPFIND","url":"/remote.php/dav/files/marcus/","message":"Login failed: 'marcus'"}
{"level":2,"time":"2025-08-19T07:59:32+00:00","remoteAddr":"192.168.1.152","user":"marcus","app":"core","method":"PROPFIND","url":"/remote.php/dav/files/marcus/","message":"Session token credentials are invalid"}
OCC shows tokens exist and are active:
sudo -u www-data php occ user:auth-tokens:list marcus
+-----+-----------------------------------+---------------------------+-----------+------------+
| id | name | lastActivity | type | scope |
+-----+-----------------------------------+---------------------------+-----------+------------+
| 166 | NUC_i5 (Desktop Client - Windows) | 2025-08-19T07:58:30+00:00 | permanent | filesystem |
So the tokens are created, but the client still gets kicked.
What I tried so far
- Cleared and recreated app passwords/tokens (
occ user:auth-tokens:list→ delete → recreate). - Confirmed server timezone and NTP are correct (
timedatectl status). - Whitelisted LAN subnet in
bruteforce.protection.whitelist. - Verified
overwritehostandoverwriteprotocolinconfig.php. - Checked Redis and APCu caching setup (both active).
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"nextcloud.<MYDOMAIN>.de",
"nextcloud.fritz.box",
"100.71.50.68",
"nextcloud.<tailscale-id>.ts.net",
"192.168.1.31"
],
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"forwarded_for_headers": [
"HTTP_X_FORWARDED_FOR"
],
"overwritehost": "nextcloud.<MYDOMAIN>.de",
"overwriteprotocol": "https",
"overwrite.cli.url": "https:\/\/nextcloud.<MYDOMAIN>.de",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "31.0.8.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"maintenance_window_start": "03:00",
"maintenance": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"default_phone_region": "DE",
"mail_smtpmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpauth": true,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"theme": "",
"loglevel": 2
}
}
Apps
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contactsinteraction: 1.12.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_antivirus: 6.0.3
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- nextcloud_announcements: 3.0.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- related_resources: 2.0.0
- richdocuments: 8.7.3
- richdocumentscode: 25.4.202
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled: - admin_audit: 1.21.0
- dashboard: 7.11.0 (installed 7.11.0)
- encryption: 2.19.0
- files_external: 1.23.0
- recommendations: 4.0.0 (installed 4.0.0)
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
- user_ldap: 1.22.0