System randomly auto logging out

ℹ️ Support
, , ,
1

Hello, I just downloaded Nextcloud 28.0.5 and I’m having an issue that is pissing me off. Randomly sometimes with no time defined the system just logout my session in whitchever user. Also when I upgrade files and directories makes a logout when it reaches a determinate MBs quantity but depending of the file, some files at 10 MBs others at 50 or even 500 MBs.

I’m lost, I don’t know is this happened to somebody before please help me with this issue becouse I don’t know wha’s happening.

I can rule out that it is the php.ini becouse my configuration is correct and I can upload files using the desktop app.

Nextcloud conf for Nginx:

server {
    listen 80;
    server_name ***;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name ***;
    ssl_certificate /***;
    ssl_certificate_key ***;

    # Add headers to serve security related headers 
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag "noindex, nofollow";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    add_header Cache-Control "public, max-age=3600";
    add_header Vary "Host";
    add_header X-Cache $upstream_cache_status;
    add_header X-Frame-Options "SAMEORIGIN";

    root ***;

    access_log /var/log/nginx/nextcloud.access;
    error_log /var/log/nginx/nextcloud.error;

        location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location ^~ /.well-known {
        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
        return 301 /index.php$request_uri;
    }

     location ^~ /.well-known/carddav {
        return 301 $scheme://$host:43443/remote.php/dav;
    }

    location ^~ /.well-known/caldav {
        return 301 $scheme://$host:43443/remote.php/dav;
    }

    location = /.well-known/webfinger   {
         return 301 $scheme://$host:43443/index.php$uri;
    }

    location = /.well-known/nodeinfo   {
         return 301 $scheme://$host:43443/index.php$uri;
    }

    location ~ /\.well-known/acme-challenge {
        allow all;
    }

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # set max upload size 
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header 
    gzip off;


    location / {
        rewrite ^ /index.php;
        set $memcached_key $uri;
        memcached_pass localhost:11211;
        memcached_connect_timeout 200ms;
        memcached_read_timeout 200ms;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        try_files $fastcgi_script_name =404;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #Avoid sending the security headers twice 
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_intercept_errors off;
        fastcgi_request_buffering off;
        include snippets/fastcgi-php.conf;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files 
    # Make sure it is BELOW the PHP block 
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to 
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag "noindex, nofollow";
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        # Optional: Don't log access to assets 
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets 
        access_log off;
    }

    # Configuración para servir archivos .woff2
    location ~* \.woff2$ {
        add_header Access-Control-Allow-Origin *;
        expires 30d;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~ \.mjs$ {
        try_files $uri /index.php$request_uri;
        default_type text/javascript;
        add_header Cache-Control "public, max-age=15778463";
        access_log off;
    }

}

config.php file:

<?php
$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' => 
  array (
    0 => '***',
  ),
  'remember_login_cookie_lifetime' => 1296000,
  'session_lifetime' => 1296000,
  'session_keepalive' => true,
  'auto_logout' => false,
  'datadirectory' => '***',
  'dbtype' => 'pgsql',
  'version' => '28.0.5.1',
  'overwrite.cli.url' => '***',
  'dbname' => ***',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***',
  'dbpassword' => '***',
  'installed' => true,
  'theme' => '',
  'loglevel' => 2,
  'maintenance' => false,
  'filelocking.enabled' => true,
  'maintenance_window_start' => 1,
  'default_language' => 'es',
  'mail_from_address' => ***',
  'mail_smtpmo¨de' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '***',
  'mail_smtphost' => '***',
  'mail_smtpport' => '587',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '***',
  'mail_smtppassword' => '***',
  'default_phone_region' => 'ES',
  'memcache.local' => '\\OC\\Memcache\\Memcached',
  'memcache.distributed' => '\\OC\\Memcache\\Memcached',
  'memcache.locking' => '\\OC\\Memcache\\Memcached',
  'memcached_servers' => 
  array (
    0 => 
    array (
      0 => 'localhost',
      1 => 11211,
    ),
  ),
);
2

have you watched this?

especially last post concerning logouts since upgrade to NC 28.0.5

3

Recently updated to 28.0.5 from 28.0.4 and I’m experiencing this too. Logout times on my browsers (both at home and at work) seem completely arbitrary. I previously had some issues with logging out that I boiled down to “pre-loading” being enabled in Chrome.

I hadn’t had random log outs since, until I updated to 28.0.5. Just as a data point: on this laptop I’m using right now, I was logged in as of last Friday. I opened Chrome up this morning and I was still logged in. A few hours later, without even closing the browser, I went to my Nextcloud and yeah I had been logged out.

It’s frustrating enough where I’m almost considering disabling 2FA. I really don’t know how to go about diagnosing this, but it’s incredibly frustrating. I’m running this on an Ubuntu 22.04 server, and using Apache for my webserver (yes I know please don’t judge, I am old).

4

I think I fixed it with the second post, just had to copy, replace the file and restart my server.

5

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.