nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

[Bug]: HMAC does not match. Could not decrypt or decode encrypted session data #42157

Open AndyXheli opened 6 months ago

AndyXheli commented 6 months ago


Bug description

Getting the following error on NC 28 RC4. Might be the same as https://github.com/nextcloud/server/issues/41254#issuecomment-1849257556

Steps to reproduce

Not Sure

Expected behavior

Not Sure

Installation method

Community Manual installation with Archive

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

{"reqId":"FuMPRjC8eJRqt0MgX7ET","level":3,"time":"2023-12-10T16:02:10-06:00","remoteAddr":"172.58.164.60","user":"--","app":"no app in context","method":"REPORT","url":"/remote.php/dav/files/axheli","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.3","version":"28.0.0.10","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/remote.php","line":119,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"6577154851e3b"}

Additional info

No response

Mr-Maniac commented 6 months ago

I also get this log when Thunderbird syncs CardDAV/CalDAV via App password (2FA enabled for "normal" account). But not from android / DAVx5

EDIT: Also seems to happen when Browser (Firefox) is freshly opened and I open Nextcloud.

Nextcloud Server Version 28.0.0 (upgraded via web updater)

OS: Gentoo Linux - Kernel 6.1.67-gentoo

PHP 8.2.13

Webserver: Apache

DB: Postgres

DB user backend

No server encryption

Log: {"reqId":"eHty4HYgC7PZkqoE7Azl","level":3,"time":"2023-12-18T22:31:52+01:00","remoteAddr":"fd00::a7d3:7ce8:c4d3:6189","user":"--","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/addressbooks/users/XXX/contacts/","message":"Could not decrypt or decode encrypted session data","userAgent":"Thunderbird CardBook/92.1","version":"28.0.0.11","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/mnt/web/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->","args":[]},{"file":"/mnt/web/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->","args":[["OC\\Session\\Internal"],["OC\\Security\\Crypto"],"*** sensitive parameters replaced ***"]},{"file":"/mnt/web/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->","args":[["OC\\Session\\Internal"]]},{"file":"/mnt/web/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/mnt/web/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::","args":[]},{"file":"/mnt/web/nextcloud/remote.php","line":119,"args":["/mnt/web/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/mnt/web/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session 
data"},"id":"6580bb340ff49"}

o-live-r commented 6 months ago

I get the same bug using ubuntu 22.04.03 LTS (VM) with mariadb and nginx

rrose-github commented 6 months ago

I just did a clean install of Nextcloud 28.0.0 on Ubuntu 22.04 LTS using nginx, PHP 8.2, and PostgreSQL as the database. I too have received the exception "HMAC does not match. Could not decrypt or decode encrypted session data"

Given the timestamp of the exception, I probably was accessing the server using the Nextcloud iOS app.

BJKle commented 6 months ago

@rrose-github that's it. When I open the latest NC iOS App the error gets thrown. Now I know why I have so many of these errors. Hopefully it gets fixed soon.

AndyXheli commented 6 months ago

Hi @marinofaggiana, is this something that needs to be addressed in the iOS app or on the server end?

johnczer commented 6 months ago

I saw this error only one time when trying to open a document in Nextcloud from an iOS device over cellular. But it was because I was blocking access to the Collabora online port. Once I opened the port to CODE again this error did not reappear.

IssueFindings commented 6 months ago

Hello, I have the same issue. In my case, last version NextCloud/PHP/Nginx installation with Nextcloud mac Legacy client, when I turn off the plugin "End-to-end encryption" everything works again. I think this plugin is not fully tested with the last NextCloud server version. Have a nice Christmas day!

rrose-github commented 6 months ago

Just to update my previous mention of getting the HMAC error when accessing the Nextcloud server from my iPhone. The version of the Nextcloud iOS app that I have installed is "Nextcloud Liquid for iOS 4.9.6.1". I don't have Collabora or any VPN software installed. Presumably the iPhone was utilizing my WiFi connection, and not cellular.

rrose-github commented 6 months ago

As an additional follow-up, the HMAC error seems to be happening when I first attempt to play an MP3 that is on my Nextcloud account. At this time, I'm not sure if that is the only time the HMAC error is generated, but playing an MP3 seems to usually trigger the issue.

For anyone else getting this error, the "work-around solution" that I found was to add these lines to the /lib/systemd/system/php8.2-fpm.service file under the [Service] section:

Restart=on-failure
RestartSec=1s 

After modifying the service file, you also need to execute this statement: sudo systemctl daemon-reload

When the HMAC error is generated in Nextcloud, php8.2-fpm is being killed with an "oom-kill". The above lines will cause Linux to automatically restart php8.2-fpm, restoring everything to normal. Also, after php8.2-fpm is restarted, the Nextcloud iOS app is able to play the audio file.

NOTE: I happen to have version 8.2 of php installed on this system. If you have a different version of php installed, then the version number in the filename will change accordingly.

GrahamTolhurst commented 6 months ago

Nextcloud 28.01, Ubuntu Server 22.04.3, Apache 2.4.58, MariaDB 10.6.12, PHP 8.2.14, Nextcloud Default Encryption Module disabled.

I'm getting the exact same problem. However, I can't find a trigger for it. Some of the posts above highlight actions that cause this, but none of them reliably trigger this in the Nextcloud log. When I notice the log entry, the timestamp is always several hours ago, and I can't remember what I was doing at the time.

I have the iOS Nextcloud app, but opening and browsing through that doesn't trigger this event. I have Calendar and Contacts synching with my iPhone Calendar and Contacts, but a manual sync doesn't trigger it. I have Joplin on more than one PC, synching via local folders, and also on my iPhone synching via WebDAV URL with an app specific password assigned in Settings-Personal Security-Devices & sessions.

I also have Home Assistant (on a Raspberry Pi) that is connected to my Nextcloud with an app specific password.

In the raw log entry, there is a reference to iOS, so the problem may be triggered by something on my iPhone. Manually synching any of my connected app/services doesn't trigger this event.

GrahamTolhurst commented 6 months ago

Suspecting that the problem may be related to the iOS Nextcloud app (despite not being able to manually trigger the error), I looked a bit deeper into the app settings. There is a log file created by the app. There is a section in the log that's time stamped with the same time and date as the errors in my Nextcloud server log.

Attached to this post is a copy of the relevant section. I'm no expert, but it looks like 'user_status' is causing the issue. Now that reminds me that I've been having problems with my user status within Nextcloud. It's not consistent. It seems to be a random status (Online, Away, Do Not Disturb etc.) despite trying to set it as Online. I remember recently disabling it in the Nextcloud server apps. I don't use this feature, and its random status was annoying, so I disabled it. Maybe this is the issue?

iOS_Nextcloud_Log.txt

Mr-Maniac commented 6 months ago

Just a little addendum to my last post:

Nextcloud and PHP have been updated in the meantime:

Nextcloud Server Version 28.0.1 (updated via web updater)

PHP 8.2.14

Log still appears but it seems like it does not have any negative side effects (aside from the log entry everything seems to be working normally). Response-codes are all normal (200/207) and no PHP error messages.

Really only happens when Thunderbird (with Cardbook extension) is freshly opened (NOT on sync when it is still running) and when Firefox is freshly opened and I open Nextcloud (no matter if I open /apps/dashboard/ or apps/files/ - but if I open Nextcloud again in the running Firefox instance, the log entry does not appear).

alienos commented 6 months ago

In my case there is an error when uploading a photo from the android app.

{
  "reqId": "XKpOw8vNOPny1Tvq85B6",
  "level": 3,
  "time": "2023-12-30T22:41:28+00:00",
  "remoteAddr": "192.168.1.228",
  "user": "--",
  "app": "no app in context",
  "method": "GET",
  "url": "/index.php/apps/files/api/v1/thumbnail/128/128/InstantUpload/Camera/IMG_20231230_234115910_MP.jpg",
  "message": "Could not decrypt or decode encrypted session data",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.26.0",
  "version": "28.0.1.1",
  "exception": {
    "Exception": "Exception",
    "Message": "HMAC does not match.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/lib/private/Security/Crypto.php",
        "line": 119,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 90,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoSessionData.php",
        "line": 67,
        "function": "initializeSession",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/lib/private/Session/CryptoWrapper.php",
        "line": 112,
        "function": "__construct",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->",
        "args": [
          [
            "OC\\Session\\Internal"
          ],
          [
            "OC\\Security\\Crypto"
          ],
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 449,
        "function": "wrapSession",
        "class": "OC\\Session\\CryptoWrapper",
        "type": "->",
        "args": [
          [
            "OC\\Session\\Internal"
          ]
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 705,
        "function": "initSession",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 1200,
        "function": "init",
        "class": "OC",
        "type": "::",
        "args": []
      },
      {
        "file": "/var/www/html/index.php",
        "line": 37,
        "args": [
          "/var/www/html/lib/base.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/html/lib/private/Security/Crypto.php",
    "Line": 158,
    "message": "Could not decrypt or decode encrypted session data",
    "exception": [],
    "CustomMessage": "Could not decrypt or decode encrypted session data"
  },
  "id": "65909e899b44d"
}

noci2012 commented 6 months ago

Similar, just on a heartbeat ... from a chromium browser on up to date Gentoo Linux

{"reqId":"7SPmtU8WtanMMDXtcjVF","level":3,"time":"2024-01-02T01:55:54+00:00","remoteAddr":"192.168.x.y","user":"--","app":"no app in context","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","version":"28.0.1.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":
[{"file":"/var/www/nextcloud/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},
{"file":"/var/www/nextcloud/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/ocs/v1.php","line":31,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"},{"file":"/var/www/nextcloud/ocs/v2.php","line":23,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":[],"CustomMessage":"Could not decrypt or decode encrypted session data"},"id":"6593e7a938c1b"}

eugef66 commented 6 months ago

Getting the same errors for all files I upload using Nextcloud iOS app:

{
  "reqId": "E0TPH6vF3HOND0zR1WM5",
  "level": 3,
  "time": "2023-12-27T03:38:22+00:00",
  "remoteAddr": "207.44.63.80",
  "user": "--",
  "app": "no app in context",
  "method": "MKCOL",
  "url": "/nextcloud/remote.php/dav/files/vasa/Photos/2023",
  "message": "Could not decrypt or decode encrypted session data",
  "userAgent": "Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.6",
  "version": "28.0.1.1",
  "exception": {
    "Exception": "Exception",
    "Message": "HMAC does not match.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/lib/private/Security/Crypto.php",
        "line": 119,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoSessionData.php",
        "line": 90,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoSessionData.php",
        "line": 67,
        "function": "initializeSession",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Session/CryptoWrapper.php",
        "line": 112,
        "function": "__construct",
        "class": "OC\\Session\\CryptoSessionData",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 449,
        "function": "wrapSession",
        "class": "OC\\Session\\CryptoWrapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 705,
        "function": "initSession",
        "class": "OC",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1200,
        "function": "init",
        "class": "OC",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/remote.php",
        "line": 119,
        "args": [
          "/var/www/nextcloud/lib/base.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/nextcloud/lib/private/Security/Crypto.php",
    "Line": 158,
    "message": "Could not decrypt or decode encrypted session data",
    "exception": [],
    "CustomMessage": "Could not decrypt or decode encrypted session data"
  },
  "id": "65946242321a0"
}

whitewings00 commented 6 months ago

I get the same error entry when I open the iOS app. If it stays open in the background, the error doesn't appear for me. If the app is closed completely and reopened, this error message appears again. Nextcloud 28.01, Debian GNU/Linux 12 (bookworm) on Raspi, Apache 2.4.58 + NGINX Proxy Manager (on another host), MariaDB 10.6.12, PHP 8.2.14, Nextcloud Default Encryption Module and the user_state app are disabled no use.

szaimen commented 6 months ago

cc @ChristophWurst

ChristophWurst commented 6 months ago

Session is decrypted using the oc_sessionPassphrase cookie value. I think this error happens when the cookie is assigned a new value and the old one is still sent to the backend. This might be a timing problem or race condition.
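
The hypothesis in the comment above can be reproduced with a small model. This is an added example, not part of the thread and not Nextcloud's code: the `Server` class, the key derivation parameters and the "treat as empty session" fallback are assumptions, and the cipher is left out because the failure occurs at the MAC check, before any decryption.

```python
import hashlib
import hmac
import json


class HmacMismatch(Exception):
    """Raised when a blob was sealed under a different passphrase."""


def _mac_key(passphrase: str) -> bytes:
    # Derive the MAC key from the cookie passphrase (illustrative parameters).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"model-salt", 1000)


def seal(data: dict, passphrase: str) -> bytes:
    """Serialize session data and append an HMAC keyed by the passphrase."""
    body = json.dumps(data, sort_keys=True).encode()
    tag = hmac.new(_mac_key(passphrase), body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


def unseal(blob: bytes, passphrase: str) -> dict:
    """Verify the HMAC first; decode the session data only if it matches."""
    body, _, tag = blob.rpartition(b"|")
    expected = hmac.new(_mac_key(passphrase), body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected.encode()):
        raise HmacMismatch("HMAC does not match.")
    return json.loads(body)


class Server:
    """Hypothetical server holding one sealed blob per session id."""

    def __init__(self):
        self.store = {}
        self.log = []

    def login(self, sid: str, passphrase: str, user: str) -> None:
        self.store[sid] = seal({"user": user}, passphrase)

    def handle(self, sid: str, cookie_passphrase: str, new_passphrase=None):
        """Process one request, optionally rotating the passphrase cookie.

        Returns (session data, passphrase the client should send next).
        """
        try:
            data = unseal(self.store[sid], cookie_passphrase)
        except HmacMismatch as exc:
            self.log.append(f"{exc} Could not decrypt or decode encrypted session data")
            return {}, cookie_passphrase  # assumption: handled as an empty session
        if new_passphrase is not None:
            # Re-seal under the new passphrase; the old cookie value is now stale.
            self.store[sid] = seal(data, new_passphrase)
            return data, new_passphrase
        return data, cookie_passphrase


def simulate_race():
    """Request B is sent with the old cookie after request A rotated it."""
    server = Server()
    server.login("sid-1", "P1", "alice")
    data_a, cookie = server.handle("sid-1", "P1", new_passphrase="P2")
    data_b, _ = server.handle("sid-1", "P1")    # in flight with the old value
    data_c, _ = server.handle("sid-1", cookie)  # client has picked up P2
    return data_a, data_b, data_c, server.log


if __name__ == "__main__":
    for item in simulate_race():
        print(item)
```

Only the request that still carries the old cookie value produces a log entry; requests before and after it read the session normally, which fits the intermittent reports in this thread.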

hanserasmus commented 5 months ago

I get this when trying to upload a file via the android app. More specifically, going to a different app than nextcloud, like CamScan app, pressing the share button, and then selecting Nextcloud. I get this no matter what app I use. If I try to upload via the + sign inside the Nextcloud app, it works fine.

I don't have any encryption enabled, so it is definitely not related to encryption, and definitely not only iOS app.

Server is Apache/2.4.37 (CentOS Stream), PHP 8.1, and MariaDB 10.5.23-1.el8.x86_64.

noci2012 commented 5 months ago

I think it is linked to idle time. Where some cookies expire, and others do not or the generated password is used. It also happens on the regular browser or the linux desktop client. (as a laptop is also the remote address in the logging).

GrahamTolhurst commented 5 months ago

I think @noci2012 is on the right lines. The problem is definitely related to the use of the Nextcloud app. It will trigger four consecutive errors whenever I use the iOS Nextcloud app to authenticate a login on another device. And it will also trigger four consecutive errors if I access a file on the Nextcloud app (it may cause the errors just when opening the app, but I haven't verified this yet). However, the problem is not repeatable. If I use the app and get the errors, using it again within a few tens of minutes does not create more errors. There is definitely a time since last used, after which, re-using the app will cause the errors. I have no idea how long it takes before using the app causes another set of four errors.

There is a minor Nextcloud server update due to be released next week. The RC1 doesn't list this error in the list of fixes applied, so I'm guessing nobody has looked into this problem yet, or if they have, they haven't identified or fixed it. There also seems to be a lack of feedback on this chat thread about any positive resolution. I realise the problem may not be with Nextcloud server, but with the Nextcloud app, but some feedback would be reassuring to see. Then at least we know it's being addressed.
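
The pattern described in the comments above (a short burst of errors after the client has been idle) can be checked against a nextcloud.log by grouping the HMAC entries per user agent and splitting them into bursts. This is an added example, not part of the thread or of Nextcloud: the sample lines are constructed, they use only field names visible in the logs posted here, and the one-minute burst gap is an assumption.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

IOS = "Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.6"
TB = "Thunderbird CardBook/92.1"


def _line(time, agent, method, url, message="HMAC does not match."):
    # Build one constructed log line with the fields the analysis reads.
    return json.dumps({"level": 3, "time": time, "userAgent": agent,
                       "method": method, "url": url,
                       "exception": {"Message": message}})


# Constructed sample: two iOS bursts of four, one Thunderbird entry,
# one unrelated error and one truncated line.
SAMPLE_LINES = (
    [_line(f"2024-01-10T08:00:0{s}+00:00", IOS, "PROPFIND",
           "/remote.php/dav/files/alice") for s in (1, 2, 2, 3)]
    + [_line(f"2024-01-10T14:30:1{s}+00:00", IOS, "PROPFIND",
             "/remote.php/dav/files/alice") for s in (0, 0, 1, 2)]
    + [_line("2024-01-10T09:15:00+00:00", TB, "PROPFIND",
             "/remote.php/dav/addressbooks/users/alice/contacts/"),
       _line("2024-01-10T08:00:02+00:00", IOS, "GET", "/index.php/login",
             message="Some other error"),
       '{"level":3,"time":"2024-01-10T09:16:00+00:00","userAgent":"tru']
)


def hmac_failures(lines):
    """Yield (time, userAgent, method, url) for each HMAC-mismatch entry."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # wrapped or truncated line
        if not isinstance(entry, dict):
            continue
        exc = entry.get("exception")
        if not isinstance(exc, dict) or exc.get("Message") != "HMAC does not match.":
            continue
        yield (datetime.fromisoformat(entry["time"]), entry.get("userAgent", ""),
               entry.get("method", ""), entry.get("url", ""))


def bursts_by_client(events, max_gap=timedelta(minutes=1)):
    """Split each client's failures into runs spaced no more than max_gap apart."""
    by_client = {}
    for when, agent, _method, _url in sorted(events):
        runs = by_client.setdefault(agent, [])
        if runs and when - runs[-1][-1] <= max_gap:
            runs[-1].append(when)
        else:
            runs.append([when])
    return by_client


def summarize(lines):
    """Per user agent: error count, burst sizes, idle time before each later burst."""
    events = list(hmac_failures(lines))
    summary = {}
    for agent, runs in bursts_by_client(events).items():
        idle = [later[0] - earlier[-1] for earlier, later in zip(runs, runs[1:])]
        summary[agent] = {
            "errors": sum(len(run) for run in runs),
            "burst_sizes": [len(run) for run in runs],
            "idle_minutes_before_burst": [int(g.total_seconds() // 60) for g in idle],
            "methods": dict(Counter(m for _, a, m, _ in events if a == agent)),
        }
    return summary


if __name__ == "__main__":
    for agent, stats in summarize(SAMPLE_LINES).items():
        print(agent, stats)
```

To run it on a real log, pass the open file object to `summarize` instead of `SAMPLE_LINES`.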

AndyXheli commented 5 months ago

Still waiting on the iOS team to respond; they were tagged a while back in one of my comments.

sonyon commented 5 months ago

I don't think the problem is with the apps, it happened to me during a fresh installation. Without using the apps. The logins via the web interface fail several times and I have the error message in the logs. The cookies didn't have time to expire at the time either.

AndyXheli commented 5 months ago

@sonyon are you getting some Temporary Error and you have to try again to login? I get that all the time ever since this new update. My sessions won't save; I have to constantly log into my server every time I close my browser.

realDayaa commented 5 months ago

@AndyXheli this happens daily in my instance as well since 28.0.0

AndyXheli commented 5 months ago

I thought something was going on with my server! I tried so many different browsers, all the same stuff. I don't know what was changed but this really sucks having to login every time and getting these temp errors while doing so.

ChristophWurst commented 5 months ago

@AndyXheli and you are consistently seeing "HMAC does not match. Could not decrypt or decode encrypted session data" in your log before you have to log in again?

AndyXheli commented 5 months ago

Hey @ChristophWurst, yes, for me I do. It seems to also happen when that temporary error happens during login. I put in the correct username and password and get a temporary error, then I put it in again and it takes me to 2FA, but I see the error logs and see these errors at the same time.

nox309 commented 5 months ago

Hello everyone, I am getting the same error but in a different context. I hope I am in the right place and can contribute to a solution:

I have an Ubuntu 22.04.3 LTS with nginx and NPM (nginx Proxy Manager) in front of it. PHP in the version PHP 8.2.14. NC Version 28.0.1 Fresh installation from the end of December. Nextcloud is operated with LDAP user backend. Get the error when logging into the Nextcloud, the user is shown "Temporary error, please try again", As admin I only see "Exception HMAC does not match. Could not decrypt or decode encrypted session data"

The log shows me the following: {"reqId":"rZuttWXQCPlsrr2ZwmYJ","level":3,"time":"2024-01-23T12:07:58+01:00","remoteAddr":"176.7.11.164","user":"--","app":"no app in context","method":"GET","url":"/ocs/v1.php/cloud/capabilities","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/4.9.6","version":"28.0.1.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Security/Crypto.php","line":119,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":90,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":67,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/html/lib/private/Session/CryptoWrapper.php","line":112,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->"},{"file":"/var/www/html/lib/base.php","line":449,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->"},{"file":"/var/www/html/lib/base.php","line":705,"function":"initSession","class":"OC","type":"::"},{"file":"/var/www/html/lib/base.php","line":1200,"function":"init","class":"OC","type":"::"},{"file":"/var/www/html/ocs/v1.php","line":31,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Security/Crypto.php","Line":158,"message":"Could not decrypt or decode encrypted session data","exception":{},"CustomMessage":"Could not decrypt or decode encrypted session data"}}

andrut04 commented 5 months ago

I'm also getting "Exception HMAC does not match." error since updating to 28.

AndyXheli commented 5 months ago

I tried doing that and it does not work for me.

ChristophWurst commented 5 months ago

Does anyone of you use Redis for PHP's session storage?

muddu007 commented 5 months ago

@ChristophWurst Yes, I use Redis.

ChristophWurst commented 5 months ago

Do you have the three suggested php.ini entries of https://docs.nextcloud.com/server/25/admin_manual/configuration_server/caching_configuration.html#id2, too?

eugef66 commented 5 months ago

> Does anyone of you use Redis for PHP's session storage?

@ChristophWurst Yes I do. It was a suggestion during one of the previous NC upgrades.

eugef66 commented 5 months ago

> Do you have the three suggested php.ini entries of https://docs.nextcloud.com/server/25/admin_manual/configuration_server/caching_configuration.html#id2, too?

@ChristophWurst Yes. I have those entries in config.php

'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array (
  'host' => 'localhost',
  'port' => 6379,
  'timeout' => 0.0,
),

ChristophWurst commented 5 months ago

For clarification, I am not referring to Redis as caching backend. I am referring to session.save_handler = redis in php*.ini and

Adding the following settings in your php.ini file will prevent session corruption when using Redis as your session handler:

redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

muddu007 commented 5 months ago

@ChristophWurst I am running Nextcloud in a Docker container. I edited the /usr/local/etc/php/conf.d/nextcloud.ini file in the container and added these lines:

redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

Also I changed the cron job to */5 * * * * docker exec -u www-data nextcloud php /var/www/html/cron.php --define apc.enable_cli=1. It works perfectly now. Should I add apc.enable_cli=1 to the nextcloud.ini file instead of the cron job? Thank you for your help.

muddu007 commented 5 months ago

@ChristophWurst Thank you. I guess the problem is solved. You are awesome.

AndyXheli commented 5 months ago

Hey @ChristophWurst I use Redis and APCU

'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array (
  'host' => 'localhost',
  'port' => 6379,
),

Should I be putting something under the redis.php?

muddu007 commented 5 months ago

@AndyXheli Find your php.ini file by running php --ini or try looking here /usr/local/etc/php/php.ini

AndyXheli commented 5 months ago

@muddu007 Thank you, found it: /etc/php/8.3/cli/php.ini. Now I'm guessing just add the 3 configs at the bottom?

redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

muddu007 commented 5 months ago

Yes, I also added apc.enable_cli=1 as suggested in the documentation. No errors until now.

APCu is disabled by default on CLI which could cause issues with nextcloud’s cron jobs. Please make sure you set the apc.enable_cli to 1 on your php.ini config file or append --define apc.enable_cli=1 to the cron job call.

AndyXheli commented 5 months ago

Okay, I added "/etc/php/8.3/cli/php.ini"

session.save_handler = redis
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

and made sure apc.enable_cli=1 is also there.

realDayaa commented 5 months ago

@ChristophWurst Any idea for those not using redis?
I'm using the nextcloud docker image as described in nextcloud/docker

eugef66 commented 5 months ago

  1. Added the following lines at the end of my php.ini (/etc/php/8.1/cli/php.ini)

apc.enable_cli=1
session.save_handler = redis
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000

  2. Restarted Apache

  3. Uploaded a new file via the Nextcloud iOS app, which in my case usually causes the "HMAC doesn't match..." error

No new error logs. Will monitor for 7 days to confirm the issue is resolved. Thank you @ChristophWurst

ChristophWurst commented 5 months ago

My intention was to inquire about the usage of the session handler and whether Redis was used.

muddu007 commented 5 months ago

Still getting "Temporary error.Please try again." during login. I guess I have to live with this.

AndyXheli commented 5 months ago

Same!

ChristophWurst commented 5 months ago

TIL: it's not the session handler. It happens with the Redis and the files handler.