Always »Token expired...« message on Chrome on iOS (News app)

[cosenal]

Steps to reproduce

1. Open ownCloud on Chrome on iOS
2. Go to News app
3. Reload the page

Expected behaviour

A compact view of the app should load

Actual behaviour

The message »Token expired or app not enabled!« pops up and reloading the page doesn't help.

Server configuration

Operating system: Arch Linux

Web server: Apache/2.4.16 (Unix)

Database: SQLite

PHP version: 5.6.12

ownCloud version: 8.2 pre alpha (git) aka master

List of activated apps:

Enabled:
  - files: 1.1.11
  - files_sharing: 0.6.3
  - files_texteditor: 0.4
  - files_versions: 1.0.6
  - mailsharenewsplugin: 0.0.1
  - news: 6.0.3
  - provisioning_api: 0.2
Disabled:
  - contacts
  - encryption
  - files_external
  - files_trashbin
  - mail
  - user_ldap
  - user_webdavauth

The content of config/config.php:

{
    "system": {
        "instanceid": "oc93c56bzuxh",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "tchosky.pagekite.me",
            "192.168.1.128"
        ],
        "datadirectory": "\/srv\/http\/owncloud\/data",
        "overwrite.cli.url": "http:\/\/localhost\/owncloud",
        "dbtype": "sqlite3",
        "version": "8.2.0.4",
        "logtimezone": "UTC",
        "installed": true,
        "theme": "",
        "maintenance": false,
        "loglevel": 0,
        "app.mail.imaplog.enabled": true,
        "debug": true,
        "singleUser": true
    }
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome 45.0.2454.68

Operating system: iOS 8.4.1

Logs

Web server error log

nothing relevant here

ownCloud log (data/owncloud.log)

{"reqId":"zGKTtUmY28N1bYL5o9sF","remoteAddr":"192.168.1.133","app":"no app in context","message":"CSRF check failed","level":0,"time":"2015-09-08T09:05:40+00:00","method":"GET","url":"\/owncloud\/index.php\/apps\/news\/settings"}

Browser log

hmm, how do I F12 here? :)

Notes: previously opened in News repo, see owncloud-archive/news#854

cc: @BernhardPosselt @LukasReschke

[karlitschek]

@LukasReschke any idea?

[oparoz]

It's the same problem on desktop browsers. Apps stop working all the sudden because the token is no longer valid. If it times out after x seconds of inactivity, the user should be logged out at the same time it expires.

[cosenal]

@oparoz I am not sure we are talking about the same issue. I can't reproduce it on any desktop browser and in fact, it works fine even on Chrome on Android.
I am talking about a white screen and the app completely not working as soon as you log in, not after a time out.

[oparoz]

Ah, true, I'm affected by both. A blank screen with an error 500 in the background and the timeout issue.

[LukasReschke]

Ah, true, I'm affected by both. A blank screen with an error 500 in the background and the timeout issue.

If people would only post the actual error message 🙊

[oparoz]

Indeed! ;)
I've checked the error log when I get the 500 after logging in and it's due to a problem with guzzle/http used in gallery's dev env, so nothing to do with core.
I'll report back when I get the other error.

[oparoz]

Regression from this commit 6a3fb0d from @LukasReschke

[oparoz]

Any app using the AppFramework per example will break because every ajax connection they make will be rejected with a 412.

If you comment out this line, then things work again, because sessions are not encrypted any more.

core/lib/base.php

Line 461 in b3495a1

$session = $cryptoWrapper->wrapSession($session);

I think the main problem is that the browser gets two session passphrase cookies and the wrong one is being used to try and decrypt the session. I'm not sure what is generating that though.

[BernhardPosselt]

Anytime you're getting a cyclic dependency, youre doing it wrong ;)

[LukasReschke]

I bet this is a duplicate of #18919. – Let's see… At least the thing from @oparoz.

[oparoz]

@LukasReschke - Must be since your PR fixes the issue.

[LukasReschke]

@cosenal Please test as well. If it still fails then this is another bug and I tend to blame Chrome on iOS 🙊 ;-)

[cosenal]

Still not working :( Let's blame it on Chrome on iOS and close this ;-)

[oparoz]

Same problem with Gallery. It fails the check and the problem is that it's a pain to setup remote debugging for that browser.