"Tried to log in but could not verify token " information spam with Firefox but no recognizable problems

The Basics

  • 30.0.5
    • replace me
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04
  • Web server and version (e.g, Apache 2.4.25):
    • Apache/2.4.58 (Ubuntu)
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • NGINX Proxy Manager
  • PHP version (e.g, 8.3):
    • 8.2.27
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • a few days ago
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Bare Metal
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • Crowdsec

Summary of the issue you are facing:

Whenever I log into my Desktop Fedora PC (F41) and open the Nextcloud on Firefox I’ll find a "Tried to log in but could not verify token " information in the logs. It repeats every 12 mins as long as Firefox is open. Same issue happens sometimes on the mobile version of Firefox, too, but the log is spammed with two dozens of “informations” in a few seconds and nothing thereafter.

But I can use Nextcloud normally, no issues there. I’m not disconnected or anything.

No issues on Firefox Ubuntu 24.10 though.

Steps to replicate it (hint: details matter!):

  1. Open into Firefox, Fedora rpm 134.0.2
  2. Log into nextcloud

Log entries

Nextcloud

{"reqId":"xbHyXEk5OGD0YB8x8SQP","level":1,"time":"2025-02-02T10:36:14+00:00","remoteAddr":"88.xxx.xxx.xxx","user":"--","app":"core","method":"GET","url":"/index.php/csrftoken","message":"Tried to log in but could not verify token","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36.0 (KHTML, like Gecko) Chrome/130.0.6723.118 Safari/537.36.0","version":"30.0.5.1","data":{"app":"core","user":"xxx"},"id":"679f4cf597091"

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
 
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.5.1",
        "overwrite.cli.url": "https:\/\/192.168.1.246",
        "overwriteprotocol": "https",
        "overwritewebroot": "",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "default_phone_region": "DE",
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "mail_smtpport": "465",
        "maintenance": false,
        "loglevel": 1,
        "theme": "",
        "maintenance_window_start": 1,
        "app_install_overwrite": [
            "documentserver_community",
            "news",
            "backup",
            "spreed",
            "files_rightclick"
        ],
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        }
    }
}

Apps

The output of occ app:list (if possible).

Enabled:

  • activity: 3.0.0
  • admin_audit: 1.20.0
  • app_api: 4.0.5
  • assistant: 2.3.0
  • bruteforcesettings: 3.0.0
  • calendar: 5.0.9
  • circles: 30.0.0
  • cloud_federation_api: 1.13.0
  • comments: 1.20.1
  • contacts: 6.1.3
  • contactsinteraction: 1.11.0
  • dashboard: 7.10.0
  • dav: 1.31.1
  • federatedfilesharing: 1.20.0
  • federation: 1.20.0
  • files: 2.2.0
  • files_downloadlimit: 3.0.0
  • files_external: 1.22.0
  • files_pdfviewer: 3.0.0
  • files_reminders: 1.3.0
  • files_sharing: 1.22.0
  • files_trashbin: 1.20.1
  • files_versions: 1.23.0
  • firstrunwizard: 3.0.0
  • gpoddersync: 3.11.0
  • integration_openai: 3.4.0
  • logreader: 3.0.0
  • lookup_server_connector: 1.18.0
  • maps: 1.5.0
  • metadata: 0.21.0
  • nextcloud_announcements: 2.0.0
  • notes: 4.11.0
  • notifications: 3.0.0
  • oauth2: 1.18.1
  • password_policy: 2.0.0
  • photos: 3.0.2
  • polls: 7.2.9
  • privacy: 2.0.0
  • provisioning_api: 1.20.0
  • recognize: 8.2.0
  • recommendations: 3.0.0
  • related_resources: 1.5.0
  • richdocuments: 8.5.3
  • serverinfo: 2.0.0
  • settings: 1.13.0
  • sharebymail: 1.20.0
  • spreed: 20.1.3
  • support: 2.0.0
  • survey_client: 2.0.0
  • systemtags: 1.20.0
  • tasks: 0.16.1
  • text: 4.1.0
  • theming: 2.5.0
  • twofactor_backupcodes: 1.19.0
  • updatenotification: 1.20.0
  • user_status: 1.10.0
  • viewer: 3.0.0
  • weather_status: 1.10.0
  • webhook_listeners: 1.1.0-dev
  • workflowengine: 2.12.0
    Disabled:
  • encryption: 2.18.0
  • suspicious_login: 8.0.0 (installed 8.0.0)
  • twofactor_nextcloud_notification: 4.0.0
  • twofactor_totp: 12.0.0-dev
  • user_ldap: 1.21.0

Hi Peripatos,

Welcome to the forums!

I have no direct solution for you, only some observations:

  • Ubuntu used to have this somewhat special construction wit Firefox in a snap package, is that still the case? Do you have an option to test another browser on Fedora?
  • There are multiple users on my Nextcloud, though most of them run Debian. There is no such message in my log. I do have ‘csrftoken’ in the log, but it is at an URL /nextcloud/csrftoken (“no such file or directory”-ish)
  • On my desktop (KDE Plasma) I have the Nextcloud sync app connected via app password. For Dolphin (file browser) I tried adding Nextcloud as WebDAV with another app password, but that did not work: maybe the secrets are shared via the password manager, and one software tries to log in with the token of the other software. It is probably totally unrelated (I guess you run Gnome, and for you it concerns Firefox, not other software). Even so, perhaps Gnome tries to log in Firefox via the app token for your sync client, or some such.

Your loglevel is set to 1, but 2 is the default. The message you’re seeing is only visible at 1.

1 Like