User does not remain logged in after activation of the 2FA after closing the webbrowser

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face: is for home/non-enterprise users. If you’re running a business, paid support can be accessed via where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 18.0.2): 20.0.2
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): NGinx
PHP version (eg, 7.1): 7.4

The issue you are facing:

Since the activation of the 2fA via google authentificator, users have to login again and again when the browser is closed. Is there a possibility that the user remains logged in for xx h on the already activated device?

Is this the first time you’ve seen this error? (Y/N):

Steps to replicate it:

  1. aktivate 2FA
  2. close your browser
  3. you have login again

I don’t have this behavior on mine. What browser is it?

I test it with Firefox and Chrome

Hmm. I’m not sure. For comparison, my server is Ubuntu 18.04 running NC via Docker, with Apache reverse proxy from Ubuntu repo. And I use Firefox.

i’m glad to hear that it’s a question of attitude or a bug and doesn’t have to be that way. :slight_smile:

Make sure that you aren’t deleting the authentication cookies if the web browser is closed :wink:

I have now tested everything with different browsers and also with different user logins.

Conclusion: With some users there is the problem of logging out after closing the browser. But there are also users who stay logged in. 2FA Is forced for all users.

I found the problem and it looks like it is a bug…

If the username contains a space, the cookie which indicates that you are already logged in to this system can probably not be read or correctly assigned. This means that you will have to log in again and again as soon as the browser is closed.

This was tested on 3 NC instances by creating one user with and one without spaces. The one without spaces remained logged in, the one with had to log in again and again.

can anyone confirm this?