For some time now I have often been getting errors like failing to delete the message or »message flag could not be set«. It seems to appear when the tab was inactive for some minutes.
The error is "CSRF check failed":
XHR
http://localhost/nextcloud/index.php/apps/mail/accounts/-1/folders/YWxsLWluYm94ZXM%3D/messages/WzIsMjE0M10%3D/flags [HTTP/1.1 412 Precondition failed 76 ms]
POST
Réponse
message: "CSRF check failed"
cc @nextcloud/mail @LukasReschke
I see the same issue and maybe some more information could help:
The webserver is nginx with php-fastcgi
Protocol https
No PHP memory caching enabled
PHP Version 5.6.30-1~dotdeb+7.1
Host Debian
Upgraded from OwnCloud 9.02
Also this set-up seems to 'forget' that I'm logged in at times. So when I don't click the 'remember log-in' I often see the log-in page. Even from the files view.
> Also this set-up seems to 'forget' that I'm logged in at times. So when I don't click the 'remember log-in' I often see the log-in page. Even from the files view.
Could you open a separate issue about that in the server repository at https://github.com/nextcloud/server/issues – thank you! :)
> Also this set-up seems to 'forget' that I'm logged in at times. So when I don't click the 'remember log-in' I often see the log-in page. Even from the files view.
Isn't that exactly what one would expect? If you don't click the 'remember me' checkbox then it won't remember you.
> Isn't that exactly what one would expect? If you don't click the 'remember me' checkbox then it won't remember you.
Yes, but I would not expect to be logged out after a couple of minutes of inactivity. I mentioned the checkbox as you only notice the problem when the checkbox is not marked. What happens is that I get the message that something went wrong loading the page and that it will be reloaded automatically after 5 seconds. The reload works when the Remember Log-In box was checked but fails otherwise. I was lucky to see that by chance, I'm not sure how often I missed that message as I usually keep the Nextcloud Mail app open in the browser over the day.
Thus I suspect that there is something weird happening with the session handling. However I do not want to rule out that I misconfigured my set-up the other day. So I want to see if my nginx/php-fastcgi combo is still working as expected and if that's the reason for all the hassle.
That being said, the original issue also sounds like some credentials or session info is 'forgotten' somewhere. I will raise an issue when I have full access to my server so I can check and add logs/configurations accordingly.
Makes sense. Thanks for the detailed explanation!
I was checking my installation and noticed that I'm still running nginx with php-fastcgi. So I removed php-fastcgi and installed php5-fpm instead. After getting it to work again I no longer got logged out and the mail-app runs as expected.
Seems like a dup of https://github.com/nextcloud/mail/issues/322 - closing this one now.
Not sure if that is really a duplicate as I no longer see the "CSRF check failed" messages but see the same problem as in #322 when Firefox tries to restore the old session. However I would agree that this issue is rather a server configuration issue than a problem within Nextcloud and/or the mailer app.
I definitely still get the CSRF check failed messages, see the log at https://github.com/nextcloud/mail/issues/417
Can we please move this to the Nextcloud server repo? Failing CSRF checks are a general problem independent of this app. One scenario that comes to my mind which would explain the failing csrf checks is when you have more than one tab open and another one triggers the remember-me logic. Then all other tabs have outdated CSRF tokens and thus fail to send certain requests.
I'm not too experienced in this topic, but I think one would need some clean session handling logic in the AJAX code to catch that scenario and fetch a new CSRF token on error. At least that's what @LukasReschke told me once IIRC.
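The following is an added example, not code from this thread or from Nextcloud: a request wrapper that reacts to the 412 "CSRF check failed" response by fetching a fresh token and retrying exactly once. The token endpoint path, the header name and the fake server are assumptions made for illustration.

```javascript
// Added example, not Nextcloud code. TOKEN_URL, TOKEN_HEADER and the error
// body are assumptions modelled on the 412 response quoted in this thread.
const TOKEN_URL = '/index.php/csrftoken';
const TOKEN_HEADER = 'requesttoken';

function createCsrfClient(fetchImpl, initialToken) {
  let token = initialToken;
  let refreshing = null; // shared promise: parallel failures refresh only once
  function refreshToken() {
    refreshing = refreshing || fetchImpl(TOKEN_URL, { credentials: 'same-origin' })
      .then(async (res) => {
        if (!res.ok) throw new Error('session gone, user must log in again');
        token = (await res.json()).token;
      })
      .finally(() => { refreshing = null; });
    return refreshing;
  }
  // Same-origin only, so the token is never attached to a foreign host.
  const send = (url, opts) => fetchImpl(url, {
    ...opts, credentials: 'same-origin',
    headers: { ...(opts.headers || {}), [TOKEN_HEADER]: token },
  });
  async function isCsrfFailure(res) {
    if (res.status !== 412) return false;
    const body = await res.clone().json().catch(() => ({}));
    return body.message === 'CSRF check failed';
  }
  return async function request(url, opts = {}) {
    let res = await send(url, opts);
    if (await isCsrfFailure(res)) {
      await refreshToken();        // token was rotated, e.g. by another tab
      res = await send(url, opts); // retry exactly once, never loop
    }
    return res;
  };
}

// Constructed stand-in for the server: accepts only the current session token.
function fakeServer(currentToken) {
  const reply = (status, body) => ({
    status, ok: status < 400, json: async () => body, clone() { return this; },
  });
  const calls = [];
  const fetchImpl = async (url, opts = {}) => {
    calls.push(url);
    if (url === TOKEN_URL) return reply(200, { token: currentToken });
    return (opts.headers || {})[TOKEN_HEADER] === currentToken
      ? reply(200, { ok: true }) : reply(412, { message: 'CSRF check failed' });
  };
  return { fetchImpl, calls };
}
```

If the retry fails as well, the wrapper returns that 412 to the caller instead of looping, so a genuinely rejected request still surfaces as an error.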
417 has been fixed, btw. Hence I'm closing this now. If anybody sees the CSRF checks fail again, please try to isolate the issue and provide steps to reproduce. Then file a ticket at the Nextcloud server repo and mention me. I'll take a look, promised 😉