Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nextcloud 15 - redirect loop login / Renewing session token failed #13431

Open
Knot3n opened this issue Jan 8, 2019 · 49 comments

Comments

Projects
None yet
@Knot3n
Copy link

commented Jan 8, 2019

Steps to reproduce

  1. spontaneously - would not know how

Expected behaviour

User can login without gettin a login loop.

Actual behaviour

User gets a login loop ... sometimes in the logfile we got this messeage: Login failed: 'xxx' (Remote IP: 'xxxxxxxx') Sometimes not.

Server configuration

Operating system:
Centos 7

Web server:
nginx version: nginx/1.15.8

Database:

MariaDB 10.1.37

PHP version:

PHP 7.2.13 (cli) (built: Dec 8 2018 12:11:34) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.13, Copyright (c) 1999-2018, by Zend Technologies

Nextcloud version: (see Nextcloud admin page)

Version: 15.0.0.10

Updated from an older Nextcloud/ownCloud or fresh install:

Updated from 14.x.*

Where did you install Nextcloud from:

From https://download.nextcloud.com/server/releases

Signing status:

Signing status
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- core/js/mimetypelist.js
	- FILE_MISSING
		- core/skeleton/Documents/About.odt
		- core/skeleton/Documents/About.txt
		- core/skeleton/Documents/Nextcloud Flyer.pdf
		- core/skeleton/Documents/User Data Manifesto.pdf
		- core/skeleton/Nextcloud Manual.pdf
		- core/skeleton/Nextcloud.mp4
		- core/skeleton/Nextcloud.png
		- core/skeleton/Photos/Coast.jpg
		- core/skeleton/Photos/Hummingbird.jpg
		- core/skeleton/Photos/Nextcloud Community.jpg
		- core/skeleton/Photos/Nut.jpg
	- EXTRA_FILE
		- log/nextcloud.log

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [core/js/mimetypelist.js] => Array
                        (
                            [expected] => dc48de7ad4baa030c5e563350c9a80b274bad783f6f5adbf1595ecef6c6a32e52890a24cb26cddb0aa20193ba52c001150c68d8bfb567f0aed566f4029a190a3
                            [current] => 53613657e01ad07fb878200f174a72a8ac062f6f3d52624034c85157a2bd7517b6b79b18ddad5b312319e7d9bec6b1d409c8ec9098480a356777e0dcee2f39f8
                        )

                )

            [FILE_MISSING] => Array
                (
                    [core/skeleton/Documents/About.odt] => Array
                        (
                            [expected] => 1cc2eae96696437edac41a8f9bc04a2ce2e8aac132cee19239222ef0f0ed0722a8279d6dae2073c230f9f2015f03559827a4bdd11ac068d2ee31f8bef9ec8b95
                            [current] => 
                        )

                    [core/skeleton/Documents/About.txt] => Array
                        (
                            [expected] => 246d73856029aac8fb5cfda0644c473bcc519017b8284e0b850b67025562170cf4c1afa39f037cff3c9a331f85ab29266353de184c039907a54a680a54c15040
                            [current] => 
                        )

                    [core/skeleton/Documents/Nextcloud Flyer.pdf] => Array
                        (
                            [expected] => 5d290127483c2806b1dfd35b44a67b8481f52568f7005c3a41c6734e78ea7040bb96e8e749d470f371a655e748942ce027d3193020bee4517dc0600f147fd798
                            [current] => 
                        )

                    [core/skeleton/Documents/User Data Manifesto.pdf] => Array
                        (
                            [expected] => 2a7c9d0bf48dc788cf7e24000852449446fcd7be5c6dba35d070c89aeda419be5bb15f0d06d82d2e2014d9299d3c121ca4d4eb0732a5665ec9af0ebcc55cd8bf
                            [current] => 
                        )

                    [core/skeleton/Nextcloud Manual.pdf] => Array
                        (
                            [expected] => ae43e525c923c78c61cb111c669402044fc1948b714e1c9194bbb254160983810775a04d363547d33ab8126ea3e7c892a408bcf8cb30237823b2ec3e13dbdfd7
                            [current] => 
                        )

                    [core/skeleton/Nextcloud.mp4] => Array
                        (
                            [expected] => 20629a6a9e8750beac07541c77e8e694fb527cc653f2d6626d73c7381070726af4062169010947229e1b904e56308928e4897e31a7809bddd70dd2027ef5471a
                            [current] => 
                        )

                    [core/skeleton/Nextcloud.png] => Array
                        (
                            [expected] => d2e57f96215bda00e76679310745108d7d3911102a03e45f392a0eedb857f00167c824c06d7bce1069048cdbc3756a84466313ba317f311dbefa8ce5b1d6cb0c
                            [current] => 
                        )

                    [core/skeleton/Photos/Coast.jpg] => Array
                        (
                            [expected] => 2bb4fd0ca9fbcb71b3565f1c019233aac9d22d19e25a6c1afe1ba37dbe33a2d282ead22aafd6e5a012bb206c9606f1056d9f83955034a11d2c531d435f097933
                            [current] => 
                        )

                    [core/skeleton/Photos/Hummingbird.jpg] => Array
                        (
                            [expected] => 4c5c440aabadb7bc084502513f34691754ad0cd5b7dc60af5294c5076e17e102d209b2fec4d1a1f38b940887c6f8eb16efa9240944116d17e6c4a36689987d84
                            [current] => 
                        )

                    [core/skeleton/Photos/Nextcloud Community.jpg] => Array
                        (
                            [expected] => 6ce4c89f1798c4c0233aa0701e7fbbaea5606c81e6060076dca3987c025552102a2381802e66a572ab98874dd876ee67758d8c7d5d53c496948ccaec9811031d
                            [current] => 
                        )

                    [core/skeleton/Photos/Nut.jpg] => Array
                        (
                            [expected] => 0a82a718fc89d438c5887bac2b4fe7f32ec39a3cf9aab38e7f544ed8493d328d2247fa4efa85d4caa650550c34f305ba7eb12973d2487e10507cb2ab0f38c122
                            [current] => 
                        )

                )

            [EXTRA_FILE] => Array
                (
                    [log/nextcloud.log] => Array
                        (
                            [expected] => 
                            [current] => 6b81851182a1987a09bf6839c0d80e773ec55d8c99523ffa05d5d63e4fc40c20f3630ee06ce06d02afb3ca02c5dbe32c9c6b485edc3620d599e3ec82b1fc3612
                        )

                )

        )

)

List of activated apps:

App list
Enabled:
  - activity: 2.8.2
  - apporder: 0.6.0
  - calendar: 1.6.4
  - cloud_federation_api: 0.1.0
  - contacts: 3.0.1
  - dav: 1.8.0
  - deck: 0.5.2
  - federatedfilesharing: 1.5.0
  - files: 1.10.0
  - files_pdfviewer: 1.4.0
  - files_sharing: 1.7.0
  - files_texteditor: 2.7.0
  - files_trashbin: 1.5.0
  - files_versions: 1.8.0
  - files_videoplayer: 1.4.0
  - gallery: 18.2.0
  - groupfolders: 2.0.2
  - logreader: 2.0.0
  - lookup_server_connector: 1.3.0
  - nextcloud_announcements: 1.4.0
  - notifications: 2.3.0
  - oauth2: 1.3.0
  - onlyoffice: 2.1.2
  - password_policy: 1.5.0
  - polls: 0.9.5
  - provisioning_api: 1.5.0
  - quota_warning: 1.4.0
  - ransomware_protection: 1.3.0
  - serverinfo: 1.5.0
  - sharebymail: 1.5.0
  - theming: 1.6.0
  - twofactor_backupcodes: 1.4.1
  - updatenotification: 1.5.0
  - workflowengine: 1.5.0
Disabled:
  - accessibility
  - admin_audit
  - comments
  - encryption
  - federation
  - files_external
  - firstrunwizard
  - support
  - survey_client
  - systemtags
  - user_external
  - user_ldap

Nextcloud configuration:

Config report
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.xxxxx.com",
            "cloudxxxxxx.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "15.0.0.10",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_language": "de",
        "session_keepalive": true,
        "trashbin_retention_obligation": "auto",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "cache_chunk_gc_ttl": 86400,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpsecure": "tls",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "log_type": "file",
        "logtimezone": "Europe\/Berlin",
        "logfile": "\/home\/web-5\/htdocs\/log\/nextcloud.log",
        "loglevel": 2,
        "theme": "",
        "updater.release.channel": "stable",
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "mail_sendmailmode": "smtp",
        "overwrite.cli.url": "https:\/\/cloud.xxxx.com",
        "mysql.utf8mb4": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***"
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...

NO

Are you using encryption: yes/no

NO

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

NO

Client configuration

Browser:
Google Chrome / Firefox / Edge

Operating system:

Windows 10

Logs

Web server error log

Web server error log
There are few like this errors but no others, only these ..

2019/01/08 19:16:04 [error] 26831#26831: *14 access forbidden by rule, client: , server: cloud.xxxxx.com, request: "GET /data/.ocdata?t=1546971364833 HTTP/2.0", host: "cloud.xxxxx.com"
2019/01/08 19:16:06 [error] 26831#26831: *14 access forbidden by rule, client: , server: cloud.xxxxx.com, request: "GET /data/.ocdata?t=1546971366702 HTTP/2.0", host: "cloud.xxxxxx.com"
2019/01/08 19:17:33 [error] 26831#26831: *14 access forbidden by rule, client: , server: cloud.xxxxx.com, request: "GET /data/.ocdata?t=1546971453215 HTTP/2.0", host: "cloud.xxxxx.com"
2019/01/08 19:17:38 [error] 26831#26831: *14 access forbidden by rule, client: , server: cloud.xxxx.com, request: "GET /data/.ocdata?t=1546971458253 HTTP/2.0", host: "cloud.xxxxx.com"

Nextcloud log (data/nextcloud.log)

Nextcloud Log
We are getting often every hour or 12-14 hours a Renewing session token failed error.

{"reqId":"H9nKDMSRFRH6UgDbJJh5","level":2,"time":"2019-01-08T19:00:08+01:00","remoteAddr":".","user":"--","app":"core","method":"POST","url":"\/login?redirect_url=\/apps\/files\/","message":"Login failed: '.' (Remote IP: '.')","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.0.10"}
{"reqId":"VMta3ndZcejF6bBLejq7","level":2,"time":"2019-01-08T19:01:11+01:00","remoteAddr":".","user":"--","app":"core","method":"POST","url":"\/login?redirect_url=\/apps\/files\/%3Fdir%3D\/%26fileid%3D22503","message":"Login failed: '.' (Remote IP: '.')","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.0.10"}
{"reqId":"2yigzRCsb7RCbPjeVmIj","level":3,"time":"2019-01-08T19:23:22+01:00","remoteAddr":"","user":"","app":"PHP","method":"GET","url":"\/apps\/files\/","message":"count(): Parameter must be an array or an object that implements Countable at \/home\/web-5\/htdocs\/apps\/onlyoffice\/lib\/appconfig.php#477","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.0.10"}
{"reqId":"cnSI8vZU6Gp7DSY8Z817","level":3,"time":"2019-01-08T19:23:23+01:00","remoteAddr":"","user":"","app":"PHP","method":"GET","url":"\/apps\/files\/","message":"count(): Parameter must be an array or an object that implements Countable at \/home\/web-5\/htdocs\/apps\/onlyoffice\/lib\/appconfig.php#477","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.0.10"}
{"reqId":"w71SwiK7dD8CSCOyGBOX","level":3,"time":"2019-01-08T19:23:23+01:00","remoteAddr":"","user":"","app":"PHP","method":"GET","url":"\/apps\/files\/","message":"count(): Parameter must be an array or an object that implements Countable at \/home\/web-5\/htdocs\/apps\/onlyoffice\/lib\/appconfig.php#477","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.0.10"}

Browser log

Browser log
Source-Map-Fehler: TypeError: NetworkError when attempting to fetch resource.
Ressourcen-Adresse: https://cloud.xxxx.com/apps/notifications/js/notifications.js?v=35bde6fd-146
Source-Map-Adresse: notifications.js.map[Weitere Informationen]

Nothing more...
@Knot3n

This comment has been minimized.

Copy link
Author

commented Jan 9, 2019

Just to clarify -> If someone tries three times to login, then it works correctly, but this is not a solution or a workaround.

@tcitworld

This comment has been minimized.

Copy link
Member

commented Jan 17, 2019

Can confirm, sometimes lost in a login loop:

  • login -> POST https://nextcloud.tld/login -> HTTP 303 (this login seems to work)
  • redirection to GET https://nextcloud.tld/apps/calendar/ -> HTTP 303 (default app is calendar on this server - I did try to change this)
  • logical redirection to GET https://nextcloud.tld/login?redirect_url=/apps/calendar/ -> HTTP 200

It doesn't seem to depend on:

  • whether 2FA is activated or not
  • the theme used
  • the browser used
  • cleaning PHP session files
@tcitworld

This comment has been minimized.

Copy link
Member

commented Jan 17, 2019

See also the Nextcloud logs. I added an exception log after the Renewing session token failed logging message to have the following stacktrace:

{
  "reqId":"cDerBGTitY0Ev9uU40k8",
  "level":2,
  "time":"2019-01-17T17:49:27+01:00",
  "remoteAddr":"x.x.x.x",
  "user":"--",
  "app":"core",
  "method":"GET",
  "url":"\/apps\/calendar\/",
  "message":"Renewing session token failed",
  "userAgent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0",
  "version":"15.0.2.0"
}
{
	"reqId": "cDerBGTitY0Ev9uU40k8",
	"level": 3,
	"time": "2019-01-17T17:49:27+01:00",
	"remoteAddr": "x.x.x.x
	"user": "--",
	"app": "no app in context",
	"method": "GET",
	"url": "\/apps\/calendar\/",
	"message": {
		"Exception": "OC\\Authentication\\Exceptions\\InvalidTokenException",
		"Message": "",
		"Code": 0,
		"Trace": [{
			"file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
			"line": 201,
			"function": "getToken",
			"class": "OC\\Authentication\\Token\\DefaultTokenProvider",
			"type": "->",
			"args": ["*** sensitive parameter replaced ***"]
		}, {
			"file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php",
			"line": 162,
			"function": "renewSessionToken",
			"class": "OC\\Authentication\\Token\\DefaultTokenProvider",
			"type": "->",
			"args": ["*** sensitive parameter replaced ***", "sometoken"]
		}, {
			"file": "\/var\/www\/nextcloud\/lib\/private\/User\/Session.php",
			"line": 823,
			"function": "renewSessionToken",
			"class": "OC\\Authentication\\Token\\Manager",
			"type": "->",
			"args": ["*** sensitive parameter replaced ***", "sometoken"]
		}, {
			"file": "\/var\/www\/nextcloud\/lib\/base.php",
			"line": 1037,
			"function": "loginWithCookie",
			"class": "OC\\User\\Session",
			"type": "->",
			"args": ["*** sensitive parameters replaced ***"]
		}, {
			"file": "\/var\/www\/nextcloud\/lib\/base.php",
			"line": 976,
			"function": "handleLogin",
			"class": "OC",
			"type": "::",
			"args": [{
				"__class__": "OC\\AppFramework\\Http\\Request"
			}]
		}, {
			"file": "\/var\/www\/nextcloud\/index.php",
			"line": 42,
			"function": "handleRequest",
			"class": "OC",
			"type": "::",
			"args": []
		}],
		"File": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
		"Line": 163,
		"CustomMessage": "--"
	},
	"userAgent": "Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0",
	"version": "15.0.2.0"
}
@Dennis1993

This comment has been minimized.

Copy link
Contributor

commented Jan 17, 2019

I have this problem too!
After upgrading to NC 15 the users told me, that the login is sometimes not working (page reloads or sometimes with „login failed“ message). In errorlog is no event logged...

NC 15.0.2 upgraded from NC 14.0.6
PHP 7.3.1
Apache 2.4

@Knot3n

This comment has been minimized.

Copy link
Author

commented Jan 20, 2019

Thanks for your reply guys, i hope someone will look into it fast.

@franadr

This comment has been minimized.

Copy link

commented Jan 22, 2019

Hello,

I had a similar issue regarding the redirect , mine was related to url overwrite protocol option that should be set in config/config.php .
In previous version this was not necessary but apparently since 15.0.2 it is.
So I had to go from (config.php)
{...} 'overwrite.cli.url' => 'https://domain.lu', {...}
to
{...} 'overwrite.cli.url' => 'https://domain.lu', 'overwritehost' => 'domain.lu', 'overwriteprotocol' => 'https', {...}
This did the trick for me..
For information I'm running nextcloud docker behind a reverse proxy (which also handles ssl).
I have found the solution on this thread : nextcloud/server/13713

Hope it helps !

@tcitworld

This comment has been minimized.

Copy link
Member

commented Jan 22, 2019

According to my logs, this doesn't seem to resolve the issue for me.

@tdoerschel

This comment has been minimized.

Copy link

commented Jan 23, 2019

Hi,
I have the same problem on 2 instances (both NC 15.0.2 but different environments: PHP7.0/7.2, psql/mysql, webhost/vserver).
Log on DEBUG level shows no relevant entries. Here is the log after 2 login attemps.
On 3rd attempt the login works.

Level	App	Message		Time
Debug	cron	Finished OCA\Support\BackgroundJobs\CheckSubscription job with ID 24 in 0 seconds	
2019-01-23T08:23:21+0100
Debug	cron	Run OCA\Support\BackgroundJobs\CheckSubscription job with ID 24	
2019-01-23T08:23:21+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring	
2019-01-23T08:23:18+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	
2019-01-23T08:23:18+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring	
2019-01-23T08:23:15+0100
Debug	core	OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in	
2019-01-23T08:23:15+0100
Debug	no app in context	No cache entry found for /appdata_ocwdeqeygqfz/css/icons/icons-vars.css.gzip (storage: local::/usr/www/users/ensibo/nextcloud/data/, internalPath: appdata_ocwdeqeygqfz/css/icons/icons-vars.css.gzip)	
2019-01-23T08:23:07+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring	
2019-01-23T08:23:02+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring	
2019-01-23T08:22:56+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring	
2019-01-23T08:22:56+0100
Debug	core	Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring	
2019-01-23T08:22:56+0100
@Knot3n

This comment has been minimized.

Copy link
Author

commented Jan 23, 2019

@tdoerschel This is the same behavior that i have ... exactly the same.

I tried everything in the config.php to fix the login but nothing helped here.
So i think this is not a local server or a plugin problem - i think this is directly a nextcloud problem..

@codingchipmunk

This comment has been minimized.

Copy link

commented Jan 25, 2019

I just ran into the same problem. I am running NC 15.0.2 with PHP 7.3, PSQL and Caddy.
I don't know if this matters but literally seconds before I ran into this the first time, I upgraded Talk, Audio Player and a third plugin which I can't remember :/
My log only shows "Renewing session token failed" and nothing else.

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 25, 2019

If you are running nextcloud behind a reverse proxy #13700 (comment) might help you.

@Knot3n

This comment has been minimized.

Copy link
Author

commented Jan 25, 2019

What do you mean with reverse proxy? Are we talking about a normal nginx installation as a webserver?

@quentinDupont

This comment has been minimized.

Copy link

commented Jan 28, 2019

Same issue here. Didn't find any pattern to know when it's gonna loop or not..

@brodymac95

This comment has been minimized.

Copy link

commented Jan 30, 2019

Similar issue here as well. The only pattern I may have on my end is if I don't log in for a few days, then the error is more likely to occur and the website takes about 5-10 seconds to load and login automatically (since I never selected to log out on my computer to end my current session). Is Nextcloud having issues recognizing the nc_token cookies and tries to do a "retry" for authentication?

@ch0nen

This comment has been minimized.

Copy link

commented Feb 4, 2019

In my case it was the /var/lib/php/sessions folder that got the wrong write access. Removed the old sess-files and changed the owner to nginx (which is the user running the webserver) and i could login again.

@Knot3n

This comment has been minimized.

Copy link
Author

commented Feb 5, 2019

@ch0nen thats not the problem / solution.
the login works after several tries (3-4).

the problem you writeing about is a right problem which has nothing to do with the login redirect loop.

It would be awesome if someone of the nextcloud team can look into that problem .. @nickvergessen

@Dulanic

This comment has been minimized.

Copy link

commented Feb 14, 2019

Same issue occurs here, I can login /w https reverse proxy, but if I try to access locally (http), it loops. The nginx reverse proxy works without issue via external domain url, but I have having 413 size issues so to trouble shoot, I attempted to login locally using direct network ip and thats where I see the login loop also.

I see no log records, but I am running the docker version, so I do see this in the docker container log which doesn't really tell anything. I even did a search of all files within my container for the ip i am accessing from and it doesnt exist in any files.

[14/Feb/2019:15:43:10 +0000] "GET /login?redirect_url=/apps/files/ HTTP/1.1" 200 5169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"

My install is from

https://hub.docker.com/_/nextcloud/

@Wikinaut

This comment has been minimized.

Copy link
Contributor

commented Feb 15, 2019

I have the same problem after upgrading the server to debian 10 and PHP7.3 and activating .htaccess (which I never used before) "AllowOverwrite All" (before that I used None).

  • Apache 2.4.38
  • Nextcloud 15.0.4
@mkysoft

This comment has been minimized.

Copy link

commented Feb 25, 2019

I got same problem with nginx, php-fpm and php 7.2 and fix with changing session folder permission. There is no log about sessions not saved. Check /tmp folder for sess_xxx files. If system not saved session files to configured session.save_path folder then try to system temp folder. Next cloud not read these files from temp folder or it has already read access to session folder. So it is giving error about NotLoggedInException.

Re-set folder owner and permission (for selinux) like below.

chown -R nginx:nginx /var/lib/php
chcon -t httpd_sys_rw_content_t -R /var/lib/php

Note: Check current php-fpm user and session folder in php_info page.

@LukasK13

This comment has been minimized.

Copy link

commented Feb 27, 2019

I was able to fix this issue by clearing my browser cache for this specific website.

Hope this helps someone.

@tdoerschel

This comment has been minimized.

Copy link

commented Feb 27, 2019

It helps only for first re-login.
After logging out, closing and re-opening the browser, I had to login 2 times again (well, at least only 2 times. sometimes it asks 4-5 times).

Therefore, clearing browser cache is not a solution.

@Wikinaut

This comment has been minimized.

Copy link
Contributor

commented Feb 27, 2019

Clearing the browser cache is a "one-time help", the problem comes immediately back.

@Qrbaker

This comment has been minimized.

Copy link

commented Feb 28, 2019

@LukasK13 Thanks for the workaround; I'm accessing my web portal exclusively via FF private mode, but at least I can access it.

I've seen this problem crop up before, and it always seems to revolve around tweaking one line of code in DefaultTokenProvider. (a-la https://github.com/nextcloud/server/pull/9802/files) but that doesn't seem to do the trick this time.

@tdoerschel

This comment has been minimized.

Copy link

commented Feb 28, 2019

@Qrbaker
Thanks for the idea. It also does not work for me. I tried both versions of the codeline. Each time only the first login works, but every consecutive login requires multiple attemps again.

@tdoerschel

This comment has been minimized.

Copy link

commented Feb 28, 2019

Issue still present in NC 15.0.5

@tx7

This comment has been minimized.

Copy link

commented Mar 9, 2019

Hi,

I having the same issue.
It only work if I'm using private mode with Google Chrome.

@MZorzy

This comment has been minimized.

Copy link

commented Mar 11, 2019

on 15.0.5 i fixed my login loop with
sudo -u www-data php occ maintenance:repair

@riki137

This comment has been minimized.

Copy link

commented Mar 31, 2019

I use reverse proxy with docker container and Lets Encrypt HTTPS and the solution on #13700 (comment) helped me!!

Huge thanks to @kesselb!

I added 127.0.0.1 and localhost as trusted proxy and also added the overwritehost/protocol.

@Knot3n

This comment has been minimized.

Copy link
Author

commented Mar 31, 2019

@riki137

This comment has been minimized.

Copy link

commented Mar 31, 2019

@tcitworld

This comment has been minimized.

Copy link
Member

commented Apr 3, 2019

Investigating a bit, many users had a lot of login_token stored in oc_preferences (240k tokens vs 40k. users - I had ~100 tokens for my own account).
I don't know why this happened, but maybe there should be a repair job to delete expired tokens (cc @rullzer )

I ended up deleting all login_token in the oc_preferences table, which leads to all users having to log again in their browser (shouldn't affect synced devices with main password or app passwords).

Please don't do this without investigating if you have the same symptoms first

delete from oc_preferences where appid = 'login_token';

I still didn't see the renewing session token issue in the logs after a few hours (it happened really frequently before). Also our server is doing far better somehow.

@Acar83

This comment has been minimized.

Copy link

commented Apr 3, 2019

me too from this error: Renewing session token failed

but only if I use the mac / ios client. from web browser it works perfectly.

I'm going crazy

@lefty556

This comment has been minimized.

Copy link

commented Apr 4, 2019

I ran into this same issue today after I did a yum update, and these packages got updated

Apr 04 15:00:58 Updated: php72-php-common-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-json-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-pdo-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-mysqlnd-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-opcache-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-mbstring-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-process-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-fpm-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-cli-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-intl-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-xml-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-ldap-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-gd-7.2.17-1.el7.remi.x86_6

I'm using the remi php72 and running on Centos 7 and nginx.

I found that after the update, the /var/opt/remi/php72/lib/php/session and /var/opt/remi/php72/lib/php/opcache folders got changed from root:nginx to root:apache. I had to chmod -R root:nginx on those directories and then my login loop was fixed.

@Knot3n

This comment has been minimized.

Copy link
Author

commented Apr 5, 2019

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.

This has nothing to do with the directory rights.

@tomynr1

This comment has been minimized.

Copy link

commented Apr 5, 2019

I have experienced today the login loop issue as well.

I was updating my server to 15.0.6. After the update I was able to use nextcloud without issues.

I am using php7.2. Today I wanted to update to 7.3 and once I switched the php handler in my nginx config file to

server unix:/run/php/php7.3-fpm.sock;

the login loop appeared. Switching back to php7.2 solved the problem on my side. This makes me think, that my php7.3 is configured differently and the problem lays in the php configuration.

Edit: By using the php.ini from the 7.2 in the 7.3 installation seems to solve the problem. My files are modified according to c-rieger (https://www.c-rieger.de/nextcloud-installation-guide-ubuntu/#c01)

@lefty556

This comment has been minimized.

Copy link

commented Apr 5, 2019

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.

This has nothing to do with the directory rights.

The install guide and all other guides I've read include the chown command to set initial permissions for the sessions directory. Using the default install for php-fpm and having a yum update for php-pfm set the ownership from nginx back to apache is indeed an issue that others on here would like to be aware of I'm sure.

@Knot3n

This comment has been minimized.

Copy link
Author

commented Apr 5, 2019

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.
This has nothing to do with the directory rights.

The install guide and all other guides I've read include the chown command to set initial permissions for the sessions directory. Using the default install for php-fpm and having a yum update for php-pfm set the ownership from nginx back to apache is indeed an issue that others on here would like to be aware of I'm sure.

Sure, but that has nothing to do with the thread / issue. So thats why we shouldnt spam this issue full of not related comments.

@patricksebastien

This comment has been minimized.

Copy link

commented Apr 9, 2019

Is it fixed in 15.0.6?
It is available in the prod channel, but no changelog about this version:
https://nextcloud.com/changelog/

@devtobo

This comment has been minimized.

Copy link

commented Apr 11, 2019

Changelog for 15.0.6 is now published, I only see one thing related to login:
Fix "Undefined index: user_uid" on login page (server#14339)

My users are still experiencing the loop.

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Apr 11, 2019

#14819 might be true for some of you. Sounds similar to the case @tcitworld described.

@manuelpandom

This comment has been minimized.

Copy link

commented Apr 16, 2019

Hi, I was having this exact problem where after the correct login the user was being redirected again to the login page. In my case the issue was caused by running the webserver behind Varnish, I disabled caching for the nextcloud virtual host and started working.

Hope this help somebody.

@tsposato

This comment has been minimized.

Copy link

commented May 2, 2019

I have this problem on a fresh install of Nextcloud 16 on FreeBSD installed via packages.
As soon as I am done with the initial setup form and submit it, I get the redirects error and I cannot login.
Nothing that I do rectifies this, I have tried all sorts of fixes laid out in this thread and similar ones.
I am at a loss. Anyone have any idea what I can try next?

@Bables55

This comment has been minimized.

Copy link

commented May 13, 2019

In my case, I have specified Redis as the Session Path. At this time, depending on the PHP version, there is no problem with login or it enters a login loop. When I get into the login loop, I give up specifying Redis as Session Path, and change the setting of php.ini as follows.

session.save_handler = files
session.save_path = "/var/lib/php/session"

I am in a login loop with PHP 7.3.3 and 7.3.5. This time should I adjust something in Redis?
Redis in memcache.locking is working properly.

@dolanor

This comment has been minimized.

Copy link

commented May 13, 2019

Still same problem for me, and I tried remove the login_token, use the overwrite_protocol for https (I'm behing a caddy proxy that auto generates LE certificates.
So I also added the trusted_proxies + the forwarded_for_headers. At least, this one suppressed the messages on the login screen telling me that I had too many wrong attempts of login from the same IP.

But still. I can't connect my desktop nextcloud app (2.5.2git), and my phone app neither (access forbidden on the new login screen, and crash on the old one).
It's really getting problematic because I really do use the share function for work.

@brunob

This comment has been minimized.

Copy link

commented Jun 6, 2019

We are also having trouble with this at cloud.infini.fr. Our setup could be resumed like this :

  • nextcloud is served by apache on debian stretch with PHP 7.2.19 behind nginx acting as a reverse proxy (nginx proxies are well defined in config with trusted_proxies).
  • sessions are stored in two memcached servers

Like @tcitworld i've tested to delete the multiple entries of login_token in the oc_preferences table for a test account and it doesn't solve the problem.

One other thing i've observed is that the settings/users page have a strange behavior : once i'm on this page, every time i try to scoll down to show more users, or to switch from one group to another, i'm disconnected with this error in the logs :

[core] Debug: OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in at <<closure>>

0. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php line 95

OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController(OC\Settings\Cont ... {}, "index")
1. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Http/Dispatcher.php line 98

OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController(OC\Settings\Cont ... {}, "index")
2. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/App.php line 126
   OC\AppFramework\Http\Dispatcher->dispatch(OC\Settings\Cont ... {}, "index")
3. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Routing/RouteActionHandler.php line 47
   OC\AppFramework\App::main("OC\\Settings\\C ... r", "index", OC\AppFramework\ ... {}, {section: "perso ... "})
4. <<closure>>
   OC\AppFramework\Routing\RouteActionHandler->__invoke({section: "perso ... "})
5. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/Route/Router.php line 297
   undefinedundefinedcall_user_func(OC\AppFramework\ ... {}, {section: "perso ... "})
6. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/base.php line 975
   OC\Route\Router->match("/settings/user")
7. /var/www/infini/nextcloud/nextcloud-16.0.1/index.php line 42
   OC::handleRequest()

GET /settings/user 

Does anyone in this thread have this problem too ?

@certainlysylvia

This comment has been minimized.

Copy link

commented Jun 9, 2019

I did - but solution was - in the end obvious.

On Centos 7; nginx with php 7.3.5 all working. Upgraded php to 7.3.6 all looping :P

I used remi repos to upgrade and found, they reset the php working directory permissions for everything at /var/lib/php -> session; opcache and wsdlcache

so I reset to what I have set nginx user and php-fpm user settings to ( aka /etc/nginx/nginx.conf and /etc/php-fpm.d/www.conf )

and all sorted

Hope that helps some people - or at least lets you know where to be looking - heh

Cheers

@Krutonium

This comment has been minimized.

Copy link

commented Jun 28, 2019

I am having this issue as well.

@Beeez

This comment was marked as off-topic.

Copy link

commented Jun 28, 2019

I checked my sessions permissions and all of that checks out fine. I am running two Nextcloud servers behind HAProxy with SSL Termination and port 80 backend to Nextcloud servers.

Logins to the browser work perfectly fine, LDAP authenticates fine as well in browser. The only time i was able to login to the mobile app was when it asked me to login with the "old" method.
I only get the login loop on Mobile app and Desktop app. Here are some snippets from the server logs i am getting:

Bind failed: 49: Invalid credentials
Login failed: 'username' (Remote IP: '10.45.92.31')
Configuration Error (prefix s01): either no password is given for the user agent or a password is given, but not an LDAP agent.

EDIT: I dont know if this is related to anyones issue or even mine - but my login loops seems to be related to my Loadbalancing. I do loadbalancing with sticky sessions via a SERVERID cookie that is set. It seems like the Android app might not be able to set cookies or see/accept them from the loadbalancer possibly? I was watching my HAProxy stats when trying to login and i would see sessions pop up on both backend nextcloud servers. Once i took one of my servers out of the backend and only had one server I was able to login via mobile since my sessions only stuck to one server. I'm going to try and figure out if i can use Redis to have a shared session storage.

@kesselb

This comment was marked as off-topic.

Copy link
Contributor

commented Jun 30, 2019

@Beeez As this seems to be a setup issue I would like to ask you to raise your question in the forums: https://help.nextcloud.com or create a new issue. This issue is not related to ldap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.