Table oc_authtoken filling up with lots of entries

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face: is for home/non-enterprise users. If you’re running a business, paid support can be accessed via where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 12.0.2): 17.0.1
Operating system and version (eg, Ubuntu 17.04): Raspbian buster
Apache or nginx version (eg, Apache 2.4.25): nginx 1.14.2-2+deb10u1
PHP version (eg, 7.1): 7.3

The issue you are facing:

I am using an application (Devonthink) that accesses a Nextcloud folder via WebDAV. Everything works fine, the problem I have is that almost every request seems to create a new session and these sessions do not seem to expire. This way my oc_authtoken table collects a lot of entries, they all have last_activity==last_check and expires==0. Shouldn’t these sessions expire eventually if they’re not used any more?

Is this the first time you’ve seen this error? : y

Steps to replicate it:

  1. use DevonThink as WebDAV sync location

The output of your Nextcloud log in Admin > Logging: latest log lines are from update to 17.0.1

[updater] Info: \OC\Updater::resetLogLevel: Reset log level to Warning(2)

GET /core/ajax/update.php?requesttoken=xxxxxxxxxxxx
from x.x.x.x at 2019-11-15T12:20:40+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => 'xxxxxxxx',
  'passwordsalt' => 'xxxxxxx',
  'secret' => 'xxxxxx',
  'trusted_domains' =>
  array (
    0 => 'domain.tld',
  'datadirectory' => '/media/nextcloud',
  'overwrite.cli.url' => 'https://domain.tld:port',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'loglevel' => 2,
  'mail_from_address' => 'systemmail',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'domain.tld',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtpsecure' => 'tls',
  'mail_smtphost' => 'smtp.server',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'mail@domain',
  'mail_smtppassword' => 'xxxxx',
  'overwritehost' => 'domain.tld:port',
  'theme' => '',
  'maintenance' => false,
  'trashbin_retention_obligation' => 'auto',
  '' => 'stable',
  'mysql.utf8mb4' => true,
  'updater.secret' => 'xxxxxx',
  'session_lifetime' => 60 * 60 * 24,

The output of your Apache/nginx/system log in /var/log/____: error.log is empty.

Replying to myself:
The problem seemed to be that using AJAX for background jobs didn’t really work. Once I changed it to system cron calling cron.php authtokens are now being cleaned up again (and a lot of other background jobs, that had been waiting for execution also).