nextcloud / all-in-one

📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
https://hub.docker.com/r/nextcloud/all-in-one
GNU Affero General Public License v3.0

[Bug]: Nextcloud auto logoff logs off too soon #5498

Closed roelofz closed 1 month ago

roelofz commented 3 months ago

Bug description

Auto logoff configured results in autologoff within half an hour. This seems earlier fixed, but in the current AIO version it still appears (reported in the AIO section, Szaimen advised me to start an issue here).

Steps to reproduce (cookie lifetime with and without bigger value tested)

  1. Configure config.php as follows: 'remember_login_cookie_lifetime' => '43260', 'session_lifetime' => '43200', 'session_keepalive' => 'true', 'auto_logout' => true,
  2. Log in and wait. Tested with multiple browsers (Edge and Firefox, no tracking protection for the Nextcloud interface). With the default settings, the session does not close.

The session is closed after less than half an hour. Tested with keepalive true and false. In some cases it was possible after more than 12 hours to go back to the last page (Snappymail) without reauthenticating.

Expected behavior

Logoff after 12 hours

Nextcloud Server version

29

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

Configuration report

{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "appsallowlist": false,
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "domain_name",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "domain_name"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "29.0.4.1",
        "overwrite.cli.url": "https:\/\/domain_name\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "NL",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": "2",
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "updatedirectory": "\/nc-updater",
        "allow_local_remote_servers": true,
        "app.mail.imap.timeout": 20,
        "app.mail.smtp.timeout": 20,
        "app.mail.sieve.timeout": 20,
        "davstorage.request_timeout": 3600,
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "files_external_allow_create_new_local": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpstreamoptions": {
            "ssl": {
                "allow_self_signed": true,
                "verify_peer": false,
                "verify_peer_name": false
            }
        },
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 100,
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "remember_login_cookie_lifetime": "43200",
        "session_lifetime": "43200",
        "session_keepalive": "true",
        "auto_logout": true,
        "app_install_overwrite": [
            "files_mindmap"
        ],
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - announcementcenter: 6.8.1
  - app_api: 3.1.0
  - assistant: 1.1.0
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.15
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - deck: 1.13.1
  - drawio: 3.0.2
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_accesscontrol: 1.19.1
  - files_antivirus: 5.5.7
  - files_automatedtagging: 1.19.0
  - files_downloadlimit: 2.0.0
  - files_external: 1.21.0
  - files_fulltextsearch: 29.0.1
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - files_zip: 1.6.0
  - fileslibreofficeedit: 1.1.0
  - firstrunwizard: 2.18.0
  - forms: 4.2.4
  - fulltextsearch: 29.0.1
  - fulltextsearch_elasticsearch: 29.0.1
  - integration_openai: 2.0.3
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - mail: 3.7.7
  - nextcloud-aio: 0.6.0
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.1
  - notifications: 2.17.0
  - notify_push: 0.7.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - previewgenerator: 5.6.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.5
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - side_menu: 3.13.1
  - snappymail: 2.37.2
  - socialsharing_email: 3.1.0
  - spreed: 19.0.8
  - support: 1.12.0
  - suspicious_login: 7.0.0
  - systemtags: 1.19.0
  - tasks: 0.16.0
  - text: 3.10.1
  - theming: 2.4.0
  - translate: 2.2.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - user_saml: 6.2.0
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - encryption: 2.17.0
  - extract: 1.3.6 (installed 1.3.6)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - groupfolders: 17.0.2 (installed 17.0.2)
  - integration_mastodon: 2.0.6 (installed 2.0.6)
  - maps: 1.4.0 (installed 1.4.0)
  - occweb: 0.2.0 (installed 0.2.0)
  - registration: 2.4.0 (installed 2.4.0)
  - serverinfo-master: 2.0.0
  - survey_client: 1.17.0 (installed 1.15.0)
  - twofactor_nextcloud_notification: 3.10.0 (installed 3.10.0)
  - user_ldap: 1.20.0
  - webapppassword: 24.8.0 (installed 24.8.0)

Nextcloud Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
    - INVALID_HASH
        - core/js/mimetypelist.js
    - EXTRA_FILE
        - core/img/filetypes/drawio.svg
        - core/img/filetypes/dwb.svg

Nextcloud Logs

With the logs the post was too long, so I removed them.

Additional info

Below info was asked in the AIO section:

Host OS

Ubuntu 22.04.4

Docker run command or docker-compose file that you used

nextcloud-aio-mastercontainer:
  image: nextcloud/all-in-one:latest
  init: true
  container_name: nextcloud-aio-mastercontainer
  restart: unless-stopped
  volumes:
    - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
    - /var/run/docker.sock:/var/run/docker.sock:ro
  ports:
    - 8091:8080

  environment:
    - APACHE_PORT=11000
    - APACHE_IP_BINDING=0.0.0.0
    - NEXTCLOUD_DATADIR=/mnt/nextcloud
    - NEXTCLOUD_MOUNT=/mnt/nc-filedata
    - NEXTCLOUD_MEMORY_LIMIT=1024M
    - AIO_COMMUNITY_CONTAINERS=local-ai
  networks:
    nextcloud:
    frontend:

Nextcloud AIO version

Nextcloud Hub 8 (29.0.4)

roelofz commented 3 months ago

@szaimen Is this 28-related, I am running 29.0.4 or?

szaimen commented 3 months ago

Sorry, clicked the wrong label

roelofz commented 2 months ago

Is there some progress on this topic?

roelofz commented 1 month ago

Waauw:

https://help.nextcloud.com/t/nextcloud-aio-how-to-persist-changes-to-php-ini-in-the-nextcloud-aio-nextcloud-container-that-resets-after-an-update/186477

@szaimen Isn't this something you or one of your colleagues could have mentioned in this issue? I think the shortage in resources answering community questions is really bad marketing, leaving unanswered topics in git and help. Puzzled...

skjnldsv commented 1 month ago

Yeah, looks like a php ini conflict, as per our docs https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#session-lifetime

roelofz commented 1 month ago

Ehhh @skjnldsv , this is a clue?

So php.ini is not to be modified as it is generated by AIO, so... I tried adding the variable to the environment of the mastercontainer, but it does not appear, while being visible in portainer as an Environment variable. Tried the following in docker compose:

So again, where can I find how to modify this? Is there a conversion rule (add PHP_ for instance) when adding PHP variables? How to check if a variable is applied?

More puzzled....

skjnldsv commented 1 month ago

@szaimen this is an AIO issue then?

szaimen commented 1 month ago

> @szaimen this is an AIO issue then?

I cannot tell. My test account never gets logged out on my test server and especially not after 12h like described above.

skjnldsv commented 1 month ago

@roelofz do you have a reverse proxy?

@szaimen is there some docs on how to update php ini files on AIO so it stays permanent?

szaimen commented 1 month ago

> is there some docs on how to update php ini files on AIO so it stays permanent?

This is currently not supported but we could think about increasing the default for session.gc_maxlifetime if it should make a difference.
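
The conflict discussed in this thread, as an added example that is not part of the issue or of AIO's own code: Nextcloud's `session_lifetime` is capped by PHP's `session.gc_maxlifetime`, and the sketch below compares the two. The function names are hypothetical, the `php -i` lines are constructed using PHP's default of 1440 seconds, and the config lines are the ones from the report.

```shell
#!/bin/sh
# Added example (not AIO's own code): detect when PHP's session.gc_maxlifetime
# is lower than Nextcloud's session_lifetime and therefore caps it.

# Constructed sample inputs; on a real host, pipe in `php -i` output and config.php.
sample_php_info() {
cat <<'EOF'
session.gc_divisor => 1000 => 1000
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
EOF
}
sample_config_php() {
cat <<'EOF'
  'remember_login_cookie_lifetime' => '43260',
  'session_lifetime' => '43200',
  'auto_logout' => true,
EOF
}

# `php -i` prints "name => local value => master value"; return the local value.
parse_gc_maxlifetime() {
    awk -F' => ' '$1 == "session.gc_maxlifetime" { print $2; exit }'
}

# Read an integer setting from config.php text, quoted ('43200') or bare (43200).
parse_config_int() {
    sed -n "s/.*'$1'[[:space:]]*=>[[:space:]]*'\{0,1\}\([0-9][0-9]*\)'\{0,1\}.*/\1/p" | head -n 1
}

# Print a verdict; exit status 0 = consistent, 1 = PHP cuts the session short, 2 = bad input.
check_session_timeout() {
    for v in "$1" "$2"; do
        case "$v" in ''|*[!0-9]*) echo "ERROR non-numeric value: '$v'"; return 2 ;; esac
    done
    if [ "$2" -lt "$1" ]; then
        echo "MISMATCH configured=${1}s effective=${2}s"
        return 1
    fi
    echo "OK effective=${1}s"
}

nc=$(sample_config_php | parse_config_int session_lifetime)
gc=$(sample_php_info | parse_gc_maxlifetime)
check_session_timeout "$nc" "$gc" || echo "exit status $?"
```

With the sample values this reports a mismatch: 43200 s configured against 1440 s (24 minutes) effective. The CLI and the web SAPI can load different ini files, so confirm the value for the SAPI that actually serves requests.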

roelofz commented 1 month ago

That explains a lot. The auto logout feature is now next to useless, and required if I want to make it more secure. 24 minutes is useless, may have been introduced by PHP in one of the last versions, but that is guessing.

Is a (custom) environment variable not a better idea to include? In that way you don't change the default and don't impact current configurations, as all (unexpected) changes will alert users.

skjnldsv commented 1 month ago

Moving to AIO then, feel free to close there Simon

szaimen commented 1 month ago

This is now released with v9.8.0 Beta. Testing and feedback is welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

roelofz commented 1 month ago

Thanks! I tested it with a half hour time-out and it works. Now have set it to 8 hours, but confident this does it! Great work and I think securitywise a better starting point!