Authentication problem after upgrade to 10.0.0

[sven3]

Steps to reproduce

1. Install Nextcloud 9.0.53 with IMAP authentication
2. Upgrade to 10.0.0 via "php occ upgrade" as user www-data
3. Try to login

Expected behaviour

Files and calendar can be seen, login without error message

Actual behaviour

Login seems to fail, Web Interfaces says "Problem loading page, reloading in 5 seconds". Files are not displayed.

Server configuration

Operating system: Debian GNU/Linux "jessie" 8.5 on amd64

Web server: Apache 2.4.10 (unmodified Debian package 2.4.10-10+deb8u5)

Database: MySQL 5.5.50 (unmodified Debian package 5.5.50-0+deb8u1)

PHP version: 5.6.24 (unmodified Debian package 5.6.24+dfsg-0+deb8u1)

Nextcloud version: Nextcloud 10.0 (stable) as reported on admin site, but reported as 9.1.0.16 in config.php

Updated from an older Nextcloud/ownCloud or fresh install: updated from previous stable version 9.0.53, which ran without problems.

Where did you install Nextcloud from: Downloaded the Zip file from https://nextcloud.com/install/

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:

• admin_audit: 1.0.0
• calendar: 1.3.3
• comments: 1.0.0
• dav: 1.0.0
• federatedfilesharing: 1.0.1
• federation: 1.0.1
• files: 1.5.2
• files_external: 1.0.2
• files_pdfviewer: 0.8.1
• files_sharing: 1.0.0
• files_texteditor: 2.1
• files_trashbin: 1.0.0
• files_videoplayer: 0.9.8
• firstrunwizard: 1.1
• notifications: 0.3.0
• password_policy: 1.0.0
• provisioning_api: 1.0.0
• serverinfo: 1.1.1
• survey_client: 0.1.5
• systemtags: 1.0.2
• templateeditor: 0.1
• theming: 1.0.1
• updatenotification: 1.0.1
• user_external: 0.4
• workflowengine: 1.0.1
  Disabled:
• activity
• encryption
• external
• files_accesscontrol
• files_automatedtagging
• files_retention
• files_versions
• gallery
• user_ldap
• user_saml

The content of config/config.php:

Config report

{
"system": {
"instanceid": "oc4ddy17c9k5",
"passwordsalt": "_REMOVED SENSITIVE VALUE",
"secret": "_REMOVED SENSITIVE VALUE",
"trusted_domains": [
"my-domain.de",
"my-other-domain.de"
],
"datadirectory": "/var/www/my-domain.de/cloud/data",
"overwrite.cli.url": "https://my-domain.de/cloud",
"dbtype": "mysql",
"version": "9.1.0.16",
"dbname": "owncloud2",
"dbhost": "webserver",
"dbtableprefix": "oc_",
"dbuser": "_REMOVED SENSITIVE VALUE",
"dbpassword": "_REMOVED SENSITIVE VALUE",
"logtimezone": "Europe/Berlin",
"installed": true,
"theme": "",
"loglevel": 2,
"maintenance": false,
"user_backends": [
{
"class": "OC_User_IMAP",
"arguments": [
"{localhost:993/imap/ssl/novalidate-cert/notls/readonly}"
]
}
],
"htaccess.RewriteBase": "/cloud"
}
}

Are you using external storage, if yes which one: yes, local

Are you using encryption: no

Are you using an external user-backend, if yes which one: yes, IMAP authentication

Client configuration

Browser: Firefox 48.0

Operating system: Ubuntu 16.04 on amd64

Logs

Web server error log

Web server error log

[Wed Aug 31 19:01:47.479659 2016] [:error] [pid 4522] [client 2001:db8:1:1:ed64:4cb2:c227:b392:40452] PHP Fatal error: Uncaught exception 'Exception' with message 'Session has been closed - no further changes to the session are allowed' in /var/www/my-domain.de/cloud/lib/private/Session/Internal.php:154\nStack trace:\n#0 /var/www/my-domain.de/cloud/lib/private/Session/Internal.php(64): OC\Session\Internal->validateSession()\n#1 /var/www/my-domain.de/cloud/lib/private/Session/CryptoSessionData.php(164): OC\Session\Internal->set('encrypted_sessi...', 'e3b4eba3a833fa5...')\n#2 /var/www/my-domain.de/cloud/lib/private/Session/CryptoSessionData.php(67): OC\Session\CryptoSessionData->close()\n#3 [internal function]: OC\Session\CryptoSessionData->__destruct()\n#4 {main}\n thrown in /var/www/my-domain.de/cloud/lib/private/Session/Internal.php on line 154, referer: https://my-domain.de/cloud/

#### Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"O+0RJqz9QDOXkLpQrjyh","remoteAddr":"2001:db8:1:1:ed64:4cb2:c227:b392","app":"core","message":"Login failed: 'sven' (Remote IP: '2001:db8:1:1:ed64:4cb2:c227:b392')","level":2,"time":"2016-08-31T19:14:22+02:00","method":"GET","url":"/cloud/index.php/apps/files/","user":"sven"}

#### Browser log

Browser log

I don't have a browser log I could paste here.

[sven3]

Unfortunately the problem is still present in 10.0.1. :-(

[nickvergessen]

Hmm, seems like one of your apps is causing this issue.
Can you add some code before the following line:

server/lib/private/Session/Internal.php

Line 154 in 0215b00

throw new \Exception('Session has been closed - no further changes to the session are allowed');

throw new \Exception('Session has been closed - no further changes to the session are allowed');

If you add the following code before it, there should be useful information in your nextcloud.log file, once this occurred again.

\OC::$server->getLogger()->logException(new \Exception('Session has been closed - no further changes to the session are allowed'));

[sven3]

Thanks for the answer, nickvergessen. This is what gets logged after making the change you proposed:

{"reqId":"B0+juLgGA1p2CId+1xnu","remoteAddr":"2001:db8:1:1:957f:9801:eb1c:8b47","app":"no app in context","message":"Exception: {"Exception":"Exception","Message":"Session has been closed - no further changes to the session are allowed","Code":0,"Trace":"#0 \/var\/www\/my-domain.de\/cloud\/lib\/private\/Session\/Internal.php(64): OC\Session\Internal->validateSession()\n#1 \/var\/www\/my-domain.de\/cloud\/lib\/private\/Session\/CryptoSessionData.php(164): OC\Session\Internal->set('encrypted_sessi...', 'bbb3151aa79c52d...')\n#2 \/var\/www\/my-domain.de\/cloud\/lib\/private\/Session\/CryptoSessionData.php(67): OC\Session\CryptoSessionData->close()\n#3 [internal function]: OC\Session\CryptoSessionData->__destruct()\n#4 {main}","File":"\/var\/www\/my-domain.de\/cloud\/lib\/private\/Session\/Internal.php","Line":154}","level":3,"time":"2016-09-30T13:19:24+02:00","method":"GET","url":"/cloud/index.php/apps/files/","user":"sven"}

[GitHubUser4234]

@sven3 : Please refer to #1303, not sure whether the fix for it also solves your problem, but it's worth a shot.

[nickvergessen]

Closing this. Feel free to reopen, when the above issue does not fix this.

[sven3]

I applied commit 028c668, but this does not seem to fix my problem. :-( Anyway, thanks for your continued help!

It seems I don't have the rights to reopen this issue (or I'm just too dumb to find out how). So, if anybody with appropriate permissions could please reopen this...

[sven3]

@nickvergessen , the symptoms have changed with Nextcloud 11.0.0. I have described them here: https://help.nextcloud.com/t/authentication-problem-after-upgrade-to-10-0-0/2837/8

[rseabra]

After upgrading to nextcloud 11, I'm facing inability to login as well. CentOS 7, PHP 7.1, Apache httpd 2.4 as packaged by CentOS.

[rseabra]

Logfile with debug level 0, censored values:

{"reqId":"CENSORED1","remoteAddr":"MYIP","app":"no app in context","message":"Current user is not logged in","level":0,"time":"2016-12-25T12:43:19+00:00","method":"GET","url":"/index.php/apps/files/","user":"--","version":"11.0.0.10"}

[rseabra]

This appears to only affect the web ui, as caldav requests and carddav requests seem to be working.

[rseabra]

Oh, and I don't use IMAP authentication, so sorry if I am causing noise, but the behaviour is somewhat similar.