Server: Redirect loop login / Renewing session token failed

Just to clarify -> If someone tries three times to login, then it works correctly, but this is not a solution or a workaround.

Can confirm, sometimes lost in a login loop:

• login -> POST https://nextcloud.tld/login -> HTTP 303 (this login seems to work)
• redirection to GET https://nextcloud.tld/apps/calendar/ -> HTTP 303 (default app is calendar on this server - I did try to change this)
• logical redirection to GET https://nextcloud.tld/login?redirect_url=/apps/calendar/ -> HTTP 200

It doesn't seem to depend on:

• whether 2FA is activated or not
• the theme used
• the browser used
• cleaning PHP session files

See also the Nextcloud logs. I added an exception log after the Renewing session token failed logging message to have the following stacktrace:

{
  "reqId":"cDerBGTitY0Ev9uU40k8",
  "level":2,
  "time":"2019-01-17T17:49:27+01:00",
  "remoteAddr":"x.x.x.x",
  "user":"--",
  "app":"core",
  "method":"GET",
  "url":"\/apps\/calendar\/",
  "message":"Renewing session token failed",
  "userAgent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0",
  "version":"15.0.2.0"
}
{
    "reqId": "cDerBGTitY0Ev9uU40k8",
    "level": 3,
    "time": "2019-01-17T17:49:27+01:00",
    "remoteAddr": "x.x.x.x
    "user": "--",
    "app": "no app in context",
    "method": "GET",
    "url": "\/apps\/calendar\/",
    "message": {
        "Exception": "OC\\Authentication\\Exceptions\\InvalidTokenException",
        "Message": "",
        "Code": 0,
        "Trace": [{
            "file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
            "line": 201,
            "function": "getToken",
            "class": "OC\\Authentication\\Token\\DefaultTokenProvider",
            "type": "->",
            "args": ["*** sensitive parameter replaced ***"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php",
            "line": 162,
            "function": "renewSessionToken",
            "class": "OC\\Authentication\\Token\\DefaultTokenProvider",
            "type": "->",
            "args": ["*** sensitive parameter replaced ***", "sometoken"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/private\/User\/Session.php",
            "line": 823,
            "function": "renewSessionToken",
            "class": "OC\\Authentication\\Token\\Manager",
            "type": "->",
            "args": ["*** sensitive parameter replaced ***", "sometoken"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/base.php",
            "line": 1037,
            "function": "loginWithCookie",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/base.php",
            "line": 976,
            "function": "handleLogin",
            "class": "OC",
            "type": "::",
            "args": [{
                "__class__": "OC\\AppFramework\\Http\\Request"
            }]
        }, {
            "file": "\/var\/www\/nextcloud\/index.php",
            "line": 42,
            "function": "handleRequest",
            "class": "OC",
            "type": "::",
            "args": []
        }],
        "File": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
        "Line": 163,
        "CustomMessage": "--"
    },
    "userAgent": "Mozilla\/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko\/20100101 Firefox\/64.0",
    "version": "15.0.2.0"
}

I have this problem too!
After upgrading to NC 15 the users told me, that the login is sometimes not working (page reloads or sometimes with „login failed“ message). In errorlog is no event logged...

NC 15.0.2 upgraded from NC 14.0.6
PHP 7.3.1
Apache 2.4

Thanks for your reply guys, i hope someone will look into it fast.

Hello,

I had a similar issue regarding the redirect , mine was related to url overwrite protocol option that should be set in config/config.php .
In previous version this was not necessary but apparently since 15.0.2 it is.
So I had to go from (config.php)
{...} 'overwrite.cli.url' => 'https://domain.lu', {...}
to
{...} 'overwrite.cli.url' => 'https://domain.lu', 'overwritehost' => 'domain.lu', 'overwriteprotocol' => 'https', {...}
This did the trick for me..
For information I'm running nextcloud docker behind a reverse proxy (which also handles ssl).
I have found the solution on this thread : nextcloud/server/13713

Hope it helps !

According to my logs, this doesn't seem to resolve the issue for me.

Hi,
I have the same problem on 2 instances (both NC 15.0.2 but different environments: PHP7.0/7.2, psql/mysql, webhost/vserver).
Log on DEBUG level shows no relevant entries. Here is the log after 2 login attemps.
On 3rd attempt the login works.

Level   App Message     Time
Debug   cron    Finished OCA\Support\BackgroundJobs\CheckSubscription job with ID 24 in 0 seconds   
2019-01-23T08:23:21+0100
Debug   cron    Run OCA\Support\BackgroundJobs\CheckSubscription job with ID 24 
2019-01-23T08:23:21+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring 
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring    
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring  
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring  
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring 
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring    
2019-01-23T08:23:18+0100
Debug   core    OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in  
2019-01-23T08:23:18+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring 
2019-01-23T08:23:15+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring    
2019-01-23T08:23:15+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring  
2019-01-23T08:23:15+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring  
2019-01-23T08:23:15+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring 
2019-01-23T08:23:15+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring    
2019-01-23T08:23:15+0100
Debug   core    OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in  
2019-01-23T08:23:15+0100
Debug   no app in context   No cache entry found for /appdata_ocwdeqeygqfz/css/icons/icons-vars.css.gzip (storage: local::/usr/www/users/ensibo/nextcloud/data/, internalPath: appdata_ocwdeqeygqfz/css/icons/icons-vars.css.gzip)  
2019-01-23T08:23:07+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring 
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring    
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring  
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/css-variables.scss, ignoring  
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/server.scss, ignoring 
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery-ui-fixes.scss, ignoring    
2019-01-23T08:23:02+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/search/css/results.scss, ignoring 
2019-01-23T08:22:56+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/core/css/jquery.ocdialog.scss, ignoring    
2019-01-23T08:22:56+0100
Debug   core    Scss is disabled for /usr/www/users/ensibo/nextcloud/apps/firstrunwizard/css/firstrunwizard.scss, ignoring  
2019-01-23T08:22:56+0100

@tdoerschel This is the same behavior that i have ... exactly the same.

I tried everything in the config.php to fix the login but nothing helped here.
So i think this is not a local server or a plugin problem - i think this is directly a nextcloud problem..

I just ran into the same problem. I am running NC 15.0.2 with PHP 7.3, PSQL and Caddy.
I don't know if this matters but literally seconds before I ran into this the first time, I upgraded Talk, Audio Player and a third plugin which I can't remember :/
My log only shows "Renewing session token failed" and nothing else.

If you are running nextcloud behind a reverse proxy https://github.com/nextcloud/server/issues/13700#issuecomment-456863838 might help you.

What do you mean with reverse proxy? Are we talking about a normal nginx installation as a webserver?

Same issue here. Didn't find any pattern to know when it's gonna loop or not..

Similar issue here as well. The only pattern I may have on my end is if I don't log in for a few days, then the error is more likely to occur and the website takes about 5-10 seconds to load and login automatically (since I never selected to log out on my computer to end my current session). Is Nextcloud having issues recognizing the nc_token cookies and tries to do a "retry" for authentication?

In my case it was the /var/lib/php/sessions folder that got the wrong write access. Removed the old sess-files and changed the owner to nginx (which is the user running the webserver) and i could login again.

@ch0nen thats not the problem / solution.
the login works after several tries (3-4).

the problem you writeing about is a right problem which has nothing to do with the login redirect loop.

It would be awesome if someone of the nextcloud team can look into that problem .. @nickvergessen

Same issue occurs here, I can login /w https reverse proxy, but if I try to access locally (http), it loops. The nginx reverse proxy works without issue via external domain url, but I have having 413 size issues so to trouble shoot, I attempted to login locally using direct network ip and thats where I see the login loop also.

I see no log records, but I am running the docker version, so I do see this in the docker container log which doesn't really tell anything. I even did a search of all files within my container for the ip i am accessing from and it doesnt exist in any files.

[14/Feb/2019:15:43:10 +0000] "GET /login?redirect_url=/apps/files/ HTTP/1.1" 200 5169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"

My install is from

https://hub.docker.com/_/nextcloud/

I have the same problem after upgrading the server to debian 10 and PHP7.3 and activating .htaccess (which I never used before) "AllowOverwrite All" (before that I used None).

• Apache 2.4.38
• Nextcloud 15.0.4

I got same problem with nginx, php-fpm and php 7.2 and fix with changing session folder permission. There is no log about sessions not saved. Check /tmp folder for sess_xxx files. If system not saved session files to configured session.save_path folder then try to system temp folder. Next cloud not read these files from temp folder or it has already read access to session folder. So it is giving error about NotLoggedInException.

Re-set folder owner and permission (for selinux) like below.

chown -R nginx:nginx /var/lib/php
chcon -t httpd_sys_rw_content_t -R /var/lib/php

Note: Check current php-fpm user and session folder in php_info page.

I was able to fix this issue by clearing my browser cache for this specific website.

Hope this helps someone.

It helps only for first re-login.
After logging out, closing and re-opening the browser, I had to login 2 times again (well, at least only 2 times. sometimes it asks 4-5 times).

Therefore, clearing browser cache is not a solution.

Clearing the browser cache is a "one-time help", the problem comes immediately back.

@LukasK13 Thanks for the workaround; I'm accessing my web portal exclusively via FF private mode, but at least I _can_ access it.

I've seen this problem crop up before, and it always seems to revolve around tweaking one line of code in DefaultTokenProvider. (a-la https://github.com/nextcloud/server/pull/9802/files) but that doesn't seem to do the trick this time.

@Qrbaker
Thanks for the idea. It also does not work for me. I tried both versions of the codeline. Each time only the first login works, but every consecutive login requires multiple attemps again.

Issue still present in NC 15.0.5

Hi,

I having the same issue.
It only work if I'm using private mode with Google Chrome.

on 15.0.5 i fixed my login loop with
sudo -u www-data php occ maintenance:repair

I use reverse proxy with docker container and Lets Encrypt HTTPS and the solution on https://github.com/nextcloud/server/issues/13700#issuecomment-456863838 helped me!!

Huge thanks to @kesselb!

I added 127.0.0.1 and localhost as trusted proxy and also added the overwritehost/protocol.

Hello,

as a few wrote already that wont help on standalone but seems like it is fixed since the last updates, can someone confirm this?

Simon

Von meinem iPhone gesendet

Am 31.03.2019 um 14:03 schrieb Richard Popeliš notifications@github.com:

I use reverse proxy with docker container and the solution on #13700 (comment) helped me!!

Huge thanks to @kesselb!

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

I used a fresh install from today, so it's possible that it's unrelated.

Dňa ne 31. 3. 2019, 16:00 Knot3n notifications@github.com napísal(a):

Hello,

as a few wrote already that wont help on standalone but seems like it is
fixed since the last updates, can someone confirm this?

Simon

Von meinem iPhone gesendet

Am 31.03.2019 um 14:03 schrieb Richard Popeliš <[email protected]
:

I use reverse proxy with docker container and the solution on #13700
(comment) helped me!!

Huge thanks to @kesselb!

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/13431#issuecomment-478344474,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABKq3Mp7HOhH2Z8zbh5BNzy_y9INv0-Cks5vcL9xgaJpZM4Z2B-h
.

Investigating a bit, many users had a lot of login_token stored in oc_preferences (240k tokens vs 40k. users - I had ~100 tokens for my own account).
I don't know why this happened, but maybe there should be a repair job to delete expired tokens (cc @rullzer )

I ended up deleting all login_token in the oc_preferences table, which leads to all users having to log again in their browser (shouldn't affect synced devices with main password or app passwords).

Please don't do this without investigating if you have the same symptoms first

delete from oc_preferences where appid = 'login_token';

I still didn't see the renewing session token issue in the logs after a few hours (it happened really frequently before). Also our server is doing far better somehow.

me too from this error: Renewing session token failed

but only if I use the mac / ios client. from web browser it works perfectly.

I'm going crazy

I ran into this same issue today after I did a yum update, and these packages got updated

Apr 04 15:00:58 Updated: php72-php-common-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-json-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-pdo-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-mysqlnd-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-opcache-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-mbstring-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-process-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:58 Updated: php72-php-fpm-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-cli-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-intl-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-xml-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-ldap-7.2.17-1.el7.remi.x86_64
Apr 04 15:00:59 Updated: php72-php-gd-7.2.17-1.el7.remi.x86_6

I'm using the remi php72 and running on Centos 7 and nginx.

I found that after the update, the /var/opt/remi/php72/lib/php/session and /var/opt/remi/php72/lib/php/opcache folders got changed from root:nginx to root:apache. I had to chmod -R root:nginx on those directories and then my login loop was fixed.

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.

This has nothing to do with the directory rights.

I have experienced today the login loop issue as well.

I was updating my server to 15.0.6. After the update I was able to use nextcloud without issues.

I am using php7.2. Today I wanted to update to 7.3 and once I switched the php handler in my nginx config file to

server unix:/run/php/php7.3-fpm.sock;

the login loop appeared. Switching back to php7.2 solved the problem on my side. This makes me think, that my php7.3 is configured differently and the problem lays in the php configuration.

Edit: By using the php.ini from the 7.2 in the 7.3 installation seems to solve the problem. My files are modified according to c-rieger (https://www.c-rieger.de/nextcloud-installation-guide-ubuntu/#c01)

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.

This has nothing to do with the directory rights.

The install guide and all other guides I've read include the chown command to set initial permissions for the sessions directory. Using the default install for php-fpm and having a yum update for php-pfm set the ownership from nginx back to apache is indeed an issue that others on here would like to be aware of I'm sure.

Guys please stop writeing that chown rights to session folder would help. Thats another issue (Sysadmin issue) if you update PHP and have PHP-FPM configured right then a update would not interrupt your php setup.
This has nothing to do with the directory rights.

The install guide and all other guides I've read include the chown command to set initial permissions for the sessions directory. Using the default install for php-fpm and having a yum update for php-pfm set the ownership from nginx back to apache is indeed an issue that others on here would like to be aware of I'm sure.

Sure, but that has nothing to do with the thread / issue. So thats why we shouldnt spam this issue full of not related comments.

Is it fixed in 15.0.6?
It is available in the prod channel, but no changelog about this version:
https://nextcloud.com/changelog/

Changelog for 15.0.6 is now published, I only see one thing related to login:
Fix "Undefined index: user_uid" on login page (server#14339)

My users are still experiencing the loop.

https://github.com/nextcloud/server/issues/14819 might be true for some of you. Sounds similar to the case @tcitworld described.

Hi, I was having this exact problem where after the correct login the user was being redirected again to the login page. In my case the issue was caused by running the webserver behind Varnish, I disabled caching for the nextcloud virtual host and started working.

Hope this help somebody.

I have this problem on a fresh install of Nextcloud 16 on FreeBSD installed via packages.
As soon as I am done with the initial setup form and submit it, I get the redirects error and I cannot login.
Nothing that I do rectifies this, I have tried all sorts of fixes laid out in this thread and similar ones.
I am at a loss. Anyone have any idea what I can try next?

In my case, I have specified Redis as the Session Path. At this time, depending on the PHP version, there is no problem with login or it enters a login loop. When I get into the login loop, I give up specifying Redis as Session Path, and change the setting of php.ini as follows.

session.save_handler = files
session.save_path = "/var/lib/php/session"

I am in a login loop with PHP 7.3.3 and 7.3.5. This time should I adjust something in Redis?
Redis in memcache.locking is working properly.

Still same problem for me, and I tried remove the login_token, use the overwrite_protocol for https (I'm behing a caddy proxy that auto generates LE certificates.
So I also added the trusted_proxies + the forwarded_for_headers. At least, this one suppressed the messages on the login screen telling me that I had too many wrong attempts of login from the same IP.

But still. I can't connect my desktop nextcloud app (2.5.2git), and my phone app neither (access forbidden on the new login screen, and crash on the old one).
It's really getting problematic because I really do use the share function for work.

We are also having trouble with this at cloud.infini.fr. Our setup could be resumed like this :

• nextcloud is served by apache on debian stretch with PHP 7.2.19 behind nginx acting as a reverse proxy (nginx proxies are well defined in config with trusted_proxies).
• sessions are stored in two memcached servers

Like @tcitworld i've tested to delete the multiple entries of login_token in the oc_preferences table for a test account and it doesn't solve the problem.

One other thing i've observed is that the settings/users page have a strange behavior : once i'm on this page, every time i try to scoll down to show more users, or to switch from one group to another, i'm disconnected with this error in the logs :

[core] Debug: OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in at <<closure>>

0. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php line 95

OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController(OC\Settings\Cont ... {}, "index")
1. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Http/Dispatcher.php line 98

OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController(OC\Settings\Cont ... {}, "index")
2. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/App.php line 126
   OC\AppFramework\Http\Dispatcher->dispatch(OC\Settings\Cont ... {}, "index")
3. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/AppFramework/Routing/RouteActionHandler.php line 47
   OC\AppFramework\App::main("OC\\Settings\\C ... r", "index", OC\AppFramework\ ... {}, {section: "perso ... "})
4. <<closure>>
   OC\AppFramework\Routing\RouteActionHandler->__invoke({section: "perso ... "})
5. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/private/Route/Router.php line 297
   undefinedundefinedcall_user_func(OC\AppFramework\ ... {}, {section: "perso ... "})
6. /var/www/infini/nextcloud/nextcloud-16.0.1/lib/base.php line 975
   OC\Route\Router->match("/settings/user")
7. /var/www/infini/nextcloud/nextcloud-16.0.1/index.php line 42
   OC::handleRequest()

GET /settings/user 

Does anyone in this thread have this problem too ?

I did - but solution was - in the end obvious.

On Centos 7; nginx with php 7.3.5 all working. Upgraded php to 7.3.6 all looping :P

I used remi repos to upgrade and found, they reset the php working directory permissions for everything at /var/lib/php -> session; opcache and wsdlcache

so I reset to what I have set nginx user and php-fpm user settings to ( aka /etc/nginx/nginx.conf and /etc/php-fpm.d/www.conf )

and all sorted

Hope that helps some people - or at least lets you know where to be looking - heh

Cheers

I am having this issue as well.

I checked my sessions permissions and all of that checks out fine. I am running two Nextcloud servers behind HAProxy with SSL Termination and port 80 backend to Nextcloud servers.

Logins to the browser work perfectly fine, LDAP authenticates fine as well in browser. The only time i was able to login to the mobile app was when it asked me to login with the "old" method.
I only get the login loop on Mobile app and Desktop app. Here are some snippets from the server logs i am getting:

Bind failed: 49: Invalid credentials
Login failed: 'username' (Remote IP: '10.45.92.31')
Configuration Error (prefix s01): either no password is given for the user agent or a password is given, but not an LDAP agent.

EDIT: I dont know if this is related to anyones issue or even mine - but my login loops seems to be related to my Loadbalancing. I do loadbalancing with sticky sessions via a SERVERID cookie that is set. It seems like the Android app might not be able to set cookies or see/accept them from the loadbalancer possibly? I was watching my HAProxy stats when trying to login and i would see sessions pop up on both backend nextcloud servers. Once i took one of my servers out of the backend and only had one server I was able to login via mobile since my sessions only stuck to one server. I'm going to try and figure out if i can use Redis to have a shared session storage.

@Beeez As this seems to be a setup issue I would like to ask you to raise your question in the forums: https://help.nextcloud.com or create a new issue. This issue is not related to ldap.

Hello,
Is this problem being discuss or even being solved ? :)
It occurs very often and it's veeeerry annoying for end users.
I can help to tests some solutions, give some information etc.
Thanks !

Since nothing seems to happen and it caused my desktop client to completely stop functioning I created a work around by using an older version into a docker container with a way to run it in the host X11 server thanks to the great knowledge of @jessfraz .
It's available here

Somehow, the android client still syncs? So I'm good on this side. But this problem is really annoying and makes the whole thing useless. I was on the verge of passing a client on it, and now I'm not.

No problem with any desktop client in my side.

Okay. The current status of this issue is "0. needs triage". That means someone has to find a way to reproduce this issue.

If you want to help please share the issue template but first check the permissions for php-fpm / session folder are valid (the user running php-fpm is able to create and read files from session folder).

@dolanor your case sounds like a different issue (because the initial report is about the web client). You mentioned that it started with Nextcloud 15. There were some security hardening which ignores headers from reverse proxies if not whitelisted. If you are running Nextcloud behind a reverse proxy (e.g. as docker container) please check https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html (overwritehost and overwriteproto). If that doesn't work please create a new issue.

@Acar83 see above (the statment for dolanor)

I've done: https://github.com/nextcloud/server/issues/13431#issuecomment-491788055

I made a mistake with overwriteprotocol that I wrote overwrite_protocol. Let's see about that.

EDIT: THAT WAS THAT!
Thanks all. Don't need my overly complex Docker setup with previous version of the client! That's a relief.

Okay. The current status of this issue is "0. needs triage". That means someone has to find a way to reproduce this issue.

If you want to help please share the issue template but first check the permissions for php-fpm / session folder are valid (the user running php-fpm is able to create and read files from session folder).

@dolanor your case sounds like a different issue (because the initial report is about the web client). You mentioned that it started with Nextcloud 15. There were some security hardening which ignores headers from reverse proxies if not whitelisted. If you are running Nextcloud behind a reverse proxy (e.g. as docker container) please check https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html (overwritehost and overwriteproto). If that doesn't work please create a new issue.

@Acar83 see above (the statment for dolanor)

As @Knot3n said several times, it doesn't seem to be linked with writing rights in this directory
I'm not sure about my session folder For me /var/lib/php/sessions is drwx-wx-wt 2 root root 4096 mars 3 09:46 sessions

And here is my issue template :

name: Nextcloud 15 - redirect loop login / Renewing session token failed
about: Help us improving by reporting a bug

labels: bug, 0. Needs triage, feature : authentication

Steps to reproduce

1. Open your nextcloud in web browser
2. Be disconnected
3. Try to connect with the right password
4. Sometimes, it loops in web authentication page, with no error message.

Expected behaviour

We should be connected

Actual behaviour

It lopps in the web page authentication

Server configuration

Operating system:
Ubuntu 18.04.2 LTS

Web server:
Nginx

Database:
MariaDb

PHP version:
7.2.19

Nextcloud version:
Nextcloud 16.0.3

Updated from an older Nextcloud/ownCloud or fresh install:
Update from a Nextcloud 15

Where did you install Nextcloud from:
I'm not sur to understand. I followed these tutorials

Signing status:

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- files_rightclick
    - EXTRA_FILE
        - README.md

Raw output
==========
Array
(
    [files_rightclick] => Array
        (
            [EXTRA_FILE] => Array
                (
                    [README.md] => Array
                        (
                            [expected] => 
                            [current] => cf73849388838de5037624e53303618579b164ec69fd55834ce4c5332ae33f778839e36298cbcc8ede90620927e076dbb8883479754e4c09b0491b15bf7653f3
                        )

                )

        )

)

List of activated apps:

Enabled:
  - accessibility: 1.2.0
  - activity: 2.9.1
  - calendar: 1.7.0
  - cloud_federation_api: 0.2.0
  - comments: 1.6.0
  - contacts: 3.1.3
  - dav: 1.9.2
  - deck: 0.6.4
  - federatedfilesharing: 1.6.0
  - federation: 1.6.0
  - files: 1.11.0
  - files_pdfviewer: 1.5.0
  - files_rightclick: 0.13.0
  - files_sharing: 1.8.0
  - files_texteditor: 2.8.0
  - files_trashbin: 1.6.0
  - files_versions: 1.9.0
  - files_videoplayer: 1.5.0
  - firstrunwizard: 2.5.0
  - gallery: 18.3.0
  - logreader: 2.1.0
  - lookup_server_connector: 1.4.0
  - nextcloud_announcements: 1.5.0
  - notifications: 2.4.1
  - oauth2: 1.4.2
  - onlyoffice: 2.4.0
  - password_policy: 1.6.0
  - privacy: 1.0.0
  - provisioning_api: 1.6.0
  - recommendations: 0.4.0
  - sentry: 4.0.0
  - serverinfo: 1.6.0
  - sharebymail: 1.6.0
  - sharerenamer: 2.6.0
  - spreed: 6.0.2
  - support: 1.0.0
  - systemtags: 1.6.0
  - theming: 1.7.0
  - twofactor_backupcodes: 1.5.0
  - updatenotification: 1.6.0
  - viewer: 1.0.0
  - workflowengine: 1.6.0
Disabled:
  - admin_audit
  - announcementcenter
  - caniupdate
  - encryption
  - files_external
  - quota_warning
  - survey_client
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "nuage-test.grap.coop"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "nuage-test.grap.coop",
        "dbtype": "mysql",
        "version": "16.0.3.0",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "activity_expire_days": 14,
        "auth.bruteforce.protection.enabled": true,
        "blacklisted_files": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "cron_log": true,
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown"
        ],
        "filesystem_check_changes": 0,
        "filelocking.enabled": "true",
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "logfile": "\/var\/nc_data\/nextcloud.log",
        "loglevel": 2,
        "logtimezone": "Europe\/Berlin",
        "log_rotate_size": 104857600,
        "maintenance": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "overwriteprotocol": "https",
        "preview_max_x": 1024,
        "preview_max_y": 768,
        "preview_max_scale_factor": 1,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "quota_include_external_storage": false,
        "share_folder": "\/Partag\u00e9s avec toi",
        "skeletondirectory": "",
        "theme": "",
        "trashbin_retention_obligation": "auto, 7",
        "updater.release.channel": "stable",
        "onlyoffice": {
            "verify_peer_off": true
        },
        "default_language": "fr",
        "default_locale": "fr",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "mail_smtpauth": "1",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "data-fingerprint": "b2dec10f73397562e346b466c90d6e9d",
        "sentry.dsn": "http:\/\/[email protected]:9000\/7",
        "sentry.minimum.log.level": 3,
        "sentry.public-dsn": "http:\/\/[email protected]:9000\/7",
        "app_install_overwrite": [
            "spreed",
            "caniupdate"
        ]
    }
}

Are you using external storage, if yes which one:
No

Are you using encryption:
No

Are you using an external user-backend, if yes which one:
No

Client configuration

Browser:
Firefox or Chrome

Operating system:
Ubuntu or Windows

WIP : at the moment i can't reproduce the bug (it occurs randomly..) so i let this template's part empty for the moment

Logs

Web server error log

2019/07/31 10:09:17 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "POST /login?redirect_url=/apps/files/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"
2019/07/31 10:09:39 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "GET /login?redirect_url=/apps/files/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"
2019/07/31 10:09:59 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "GET /settings/user HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"

Nextcloud log (data/nextcloud.log)

No log.. i didn't find the log file (where is it ?) but i download it from web app.

Browser log

Okay. The current status of this issue is "0. needs triage". That means someone has to find a way to reproduce this issue.
If you want to help please share the issue template but first check the permissions for php-fpm / session folder are valid (the user running php-fpm is able to create and read files from session folder).
@dolanor your case sounds like a different issue (because the initial report is about the web client). You mentioned that it started with Nextcloud 15. There were some security hardening which ignores headers from reverse proxies if not whitelisted. If you are running Nextcloud behind a reverse proxy (e.g. as docker container) please check https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html (overwritehost and overwriteproto). If that doesn't work please create a new issue.
@Acar83 see above (the statment for dolanor)

As @Knot3n said several times, it doesn't seem to be linked with writing rights in this directory
I'm npot sur about my session folder For me /var/lib/php/sessions is drwx-wx-wt 2 root root 4096 mars 3 09:46 sessions

You need to give PHP-FPM the rights for the folders.

not root:root its nginx:nginx in your case (because you have nginx for webserver even you should check the php-fpm config which user is set.)

The problem in this issue is that many people have problems with their privileges (PHP-FPM / NGINX / APACHE) and don't set their configing correctly and therefore unfortunately end up on this ticket here.

But as mentioned before - this issue has nothing to do with PHP / PHP - FPM rights.

You need to give PHP-FPM the rights for the folders.

not root:root its nginx:nginx in your case (because you have nginx for webserver even you should check the php-fpm config which user is set.)

The problem in this issue is that many people have problems with their privileges (PHP-FPM / NGINX / APACHE) and don't set their configing correctly and therefore unfortunately end up on this ticket here.

Ok so I find my php-fpm user in /etc/php/7.2/fpm/pool.d/www.conf (can you confirm that it's ok ?)
In this case, I have www-data

• I change sessions folder rigths to www-data www-data
• I restart php-fpm service

Everything seems juste fine. Question :
My sessions folder is always empty, it is supposed to be empty ?

But as mentioned before - this issue has nothing to do with PHP / PHP - FPM rights.

I'm confused with this sentence. Am-i right if I say :
The issue has nothing to do with php-rights if sessions rights are well configured ?

If your Webserver is nginx you should change in

/etc/php/7.2/fpm/pool.d/www.conf

the rights to nginx.

even the folder rights to nginx:nginx.

I'm confused with this sentence. Am-i right if I say :

The issue has nothing to do with php-rights if sessions rights are well configured ?

If PHP-FPM and or session folder are configured well then hopefully everything works fine.

I mean with that sentence that this ticket here has nothing to do with your problem - its even more layer 8 problem because of wrong configuration.
When its right configured then sessions should be written up in the folder.

If your Webserver is nginx you should change in

/etc/php/7.2/fpm/pool.d/www.conf

the rights to nginx.

even the folder rights to nginx:nginx.

My Nginx user is www-data so in my opinion, I have to keep it like that.

My /etc/php/7.2/fpm/pool.d/www.conf file lists www-data:www-data as user and group. My sessions folder also is set permissions wise to this: drwxrwxrwx 2 www-data www-data 12288 Jul 29 13:18 sessions/

My sessions folder is not empty and I see sessions appear with logins. My sessions directory is shared between two Nextcloud servers.

Edit: Sessions folders themselves int he directory are -rw------- 1 www-data www-data 402 Jul 29 13:18 sess_0______

Ok so actually my session folder was /usr/local/tmp/sessions with drwxrwxrwt 2 www-data root and sessions appear with logins, so it seems to work fine for this part, sorry for disturbance.

What makes you think the default permissions need to be adjusted?

/var/lib/php/

├── [drwxr-xr-x root     root     4.0K Aug 10  2018]  php
    ├── [drwxr-xr-x root     root     4.0K Jul 20 13:18]  modules
    └── [drwx-wx-wt root     root      40K Jul 29 11:45]  sessions
        ├── [-rw------- www-data www-data 1.0K Jul 29 11:19]  sess_REDACTED_01
        ├── [-rw------- www-data www-data 1.0K Jul 29 11:36]  sess_REDACTED_02
        ├── [-rw------- www-data www-data 1.2K Jul 29 11:30]  sess_REDACTED_03
        ├── [-rw------- www-data www-data 1.0K Jul 29 11:34]  sess_REDACTED_04

Notice "t"

drwx-wx-wt 2 root root 40960 Jul 29 11:49 /var/lib/php/sessions/

Good info at https://askubuntu.com/questions/432699/what-is-the-t-letter-in-the-output-of-ls-ld-tmp

I edit my issue template post with nginx logs.↓

2019/07/31 10:09:17 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "POST /login?redirect_url=/apps/files/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"
2019/07/31 10:09:39 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "GET /login?redirect_url=/apps/files/ HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"
2019/07/31 10:09:59 [error] 25613#25613: *4179 connect() failed (111: Connection refused) while connecting to upstream, client: 86.202.74.185, server: nuage-test.grap.coop, request: "GET /settings/user HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "nuage-test.grap.coop"

Didn't find nextcloud log (where is it supposed to be written ?) but i download it from web app and nothing seems to be written

Is this related to the login loop happening here?
https://github.com/nextcloud/android/issues/3623

Is there a way to disable the whole session feature and revert back to the old, simple login method?

Index: lib/private/User/Session.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- lib/private/User/Session.php    (revision 7b8ddd7e958bfbf7dbddf38aca2c789310e3d1a4)
+++ lib/private/User/Session.php    (date 1565600831385)
@@ -842,6 +842,7 @@
        } catch (SessionNotAvailableException $ex) {
            return false;
        } catch (InvalidTokenException $ex) {
+           \OC::$server->getLogger()->logException($ex, ['app' => 'core']);
            \OC::$server->getLogger()->warning('Renewing session token failed', ['app' => 'core']);
            return false;
        }

Could someone with the login loop apply this patch and check the logs for the exception?

@derekblankmccoy please open a new issue. This one is already to crowded.

I dont seem to be getting any different logging after adding that. Same thing.

````{"reqId":"Wy90fCHT8UWAbEk8s87r","level":2,"time":"2019-08-12T20:10:13+00:00","remoteAddr":"10.45.92.31","user":"--","app":"user_ldap","method":"GET","url":"\/index.php\/204","message":"Bind failed: 49: Invalid credentials","userAgent":"Mozilla\/5.0 (Android) Nextcloud-android\/3.7.1","version":"16.0.1.1"}
{"reqId":"dLmMgibplMMH5CjxFLQY","level":2,"time":"2019-08-12T20:10:13+00:00","remoteAddr":"10.45.92.31","user":"--","app":"user_ldap","method":"GET","url":"\/index.php\/204","message":"Bind failed: 49: Invalid credentials","userAgent":"Mozilla\/5.0 (Android) Nextcloud-android\/3.7.1","version":"16.0.1.1"}
{"reqId":"Wy90fCHT8UWAbEk8s87r","level":2,"time":"2019-08-12T20:10:13+00:00","remoteAddr":"10.45.92.31","user":"--","app":"core","method":"GET","url":"\/index.php\/204","message":"Login failed: '' (Remote IP: '10.45.92.31')","userAgent":"Mozilla\/5.0 (Android) Nextcloud-android\/3.7.1","version":"16.0.1.1"}
{"reqId":"dLmMgibplMMH5CjxFLQY","level":2,"time":"2019-08-12T20:10:13+00:00","remoteAddr":"10.45.92.31","user":"--","app":"core","method":"GET","url":"\/index.php\/204","message":"Login failed: '' (Remote IP: '10.45.92.31')","userAgent":"Mozilla\/5.0 (Android) Nextcloud-android\/3.7.1","version":"16.0.1.1"}

@Beeez different story. Check the first post the reporter has login loops with the web client and does not use ldap. Bind failed: 49: Invalid credentials something is wrong with your ldap setup. Please use the search or https://help.nextcloud.com. Thank you!

@kesselb
This is pretty much what I had in my second message.

{
    "reqId": "HfzySeZNEjdOk6VQgKWL",
    "level": 3,
    "time": "2019-08-13T12:47:52+00:00",
    "remoteAddr": "ipv6",
    "user": "--",
    "app": "core",
    "method": "GET",
    "url": "\//",
    "message": {
        "Exception": "OC\\Authentication\\Exceptions\\InvalidTokenException",
        "Message": "",
        "Code": 0,
        "Trace": [{
            "file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
            "line": 201,
            "function": "getToken",
            "class": "OC\\Authentication\\Token\\DefaultTokenProvider",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php",
            "line": 162,
            "function": "renewSessionToken",
            "class": "OC\\Authentication\\Token\\DefaultTokenProvider",
            "type": "->",
            "args": ["*** sensitive parameter replaced ***", "ssv01iseg2189ootdfmlbg0afu"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/private\/User\/Session.php",
            "line": 828,
            "function": "renewSessionToken",
            "class": "OC\\Authentication\\Token\\Manager",
            "type": "->",
            "args": ["*** sensitive parameter replaced ***", "ssv01iseg2189ootdfmlbg0afu"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/base.php",
            "line": 1025,
            "function": "loginWithCookie",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "\/var\/www\/nextcloud\/lib\/base.php",
            "line": 964,
            "function": "handleLogin",
            "class": "OC",
            "type": "::",
            "args": [{
                "__class__": "OC\\AppFramework\\Http\\Request"
            }]
        }, {
            "file": "\/var\/www\/nextcloud\/index.php",
            "line": 42,
            "function": "handleRequest",
            "class": "OC",
            "type": "::",
            "args": []
        }],
        "File": "\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/DefaultTokenProvider.php",
        "Line": 163,
        "CustomMessage": "--"
    },
    "userAgent": "Mozilla\/5.0 (X11; Fedora; Linux x86_64; rv:68.0) Gecko\/20100101 Firefox\/68.0",
    "version": "16.0.3.0"
}

I upgraded from NC 15.02 to 15.10 and am stuck with the same issue.

Upgrading further to 16.0.4 didn't help.

The solution with overwritehost and overwriteprotocol in config.php didn't help.

The write access fix for /var/lib/php/sessions doesn't work either, because there is no such directory. (I'm using the 15.0.10-apache Docker image)

It was mentioned, that the login works after a certain amount of tries, but this is not the case here. I can try as often as I want, I always get redirected back to the login screen.

I've been searching for a solution to this the entire day now, w/o luck.

@feluxe Please use https://github.com/nextcloud/server/issues/new?labels=bug%2C+0.+Needs+triage&template=Bug_report.md to create a new issue.

Triage is impossible without the issue template. If you don't see "Renewing session token failed" in your logs its a different story. Thanks!

Same issue.
Any fixes?

Please use https://github.com/nextcloud/server/issues/new?labels=bug%2C+0.+Needs+triage&template=Bug_report.md to create a new issue.

Triage is impossible without the issue template. If you don't see "Renewing session token failed" in your logs its a different story. Thanks!

@KarelWintersky

Hey! I locked this issue because there are many possible reasons for "login loops". It's hard to triage such problems without the issue template. Please create a new issue if you run into the same or a similar problem. If you don't see "Renewing session token failed" in your logs its a different story anyway. Thanks!

Hi,
I also face this problem since NC15 (or even earlier). It seemed to be less at some point, but also with the latest version I need to login 3 times every morning.

Is this still the right issue here?

Nextcloud server Version: 18.0.4
PHP Version: 7.3.17
mysql Version: 5.7.30
Browser: Firefox 76.0
Can I give you any further useful information?

I was unable to login with non-web clients on a fresh install (NC 18.0.4, PHP 7.3.17), error was "nextcloud login flow v2 "/login.v2/poll - Server replied: Bad Request"
The solution using 'overwriteprotocol' => 'https', worked for me.
Cheers

Same issue occurred here with NC 19 and adding some overwrite- lines to config.php didn't worked. Also I already set session auto start to 0 but it was not a solution.

I use php-fpm 7.4.3 with nginx 1.17.10 and memcached on Ubuntu 20.04.

I checked cookies when the problem occurred, and I found there're still some session information like nc_session_id, nc_username and so on.

I installed nextcloud yesterday and I don't know the exact mechanism how nextcloud operates, so I made my own "stupid" patch for this problem and in my case this seems work.

I deleted that HTTPonly cookies only when entered login page without POSTed login information.
I modified: (NC dir)/core/templates/login.php

<?php /** @var $l \OCP\IL10N */ ?>
<?php
script('core', 'dist/login');
if (empty($_POST['requesttoken'])) {
        setcookie('nc_session_id', '', time() - 3600);
        setcookie('nc_username', '', time() - 3600);
        setcookie('nc_token', '', time() - 3600);
}
?>
/* (omitted) */

I'll report if the problem keep occurring or any side effects on my stupid solution are observed.

* after I change cache from memcached to apcu, the problem resolved (without my patch above)

Running CentOS 8 with Nginx is sometimes a problem when updating php packages. I noticed after I did a dnf/yum update, php was updated, it changed the ownership back to apache from nginx which is annoying AF. I too was stuck until I ensured my /var/lib/php was properly setup with the correct owner (in my case nginx). After updating the ownership and applying the proper SELINUX context login was up and working. Oddly webdav seemed to work but using the web portal kept redirecting back to the login due to being unable to create the session /var/lib/php/sessions. Sadly logs I searched for Nginx and Nextcloud tell you nothing. Thanks goes to the previous folks that gave this advice. I owe you a virtual beer. 👍

Changing the cache is not an option for me. Hope a fix for this bug will be found soon.