nextcloud · szaimen · Mar 16, 2026
@@ -159,7 +159,7 @@ private function decryptWithoutSecret(string $authenticatedCiphertext, string $p
 			}
 		} else {
 			if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $hmacKey), $hmac)) {
-				throw new Exception('HMAC does not match.');
+				throw new \RuntimeException('HMAC does not match.');
 			}
 		}
 

@@ -58,6 +58,15 @@ protected function initializeSession() {
 					512,
 					JSON_THROW_ON_ERROR,
 				);
+			} catch (\RuntimeException $e) {
+				// Even though this might be critical in general, we are automatically trying again and will likely succeed.
+				// We only log to info to not spam the logs with a well-known problem the admin cannot do anything about.
+				// See https://github.com/nextcloud/server/issues/42157
+				logger('core')->info('Could not decrypt or decode encrypted session data', [
+					'exception' => $e,
+				]);
+				$this->sessionValues = [];
+				$this->regenerateId(true, false);
 			} catch (\Exception $e) {
 				logger('core')->critical('Could not decrypt or decode encrypted session data', [
 					'exception' => $e,