Quick update for anyone else who has this problem: login pages expire after 15m, and this happens any time you try to log in using a stale login page.
You can get to a stale login page in some unexpected ways. Leaving one open for 15m is the most obvious, but also the back button or perhaps a bookmark.
I am not sure how the session timeout part factored in. That did seem to have an effect at the time… That was some time ago however - maybe I was just wrong and I really was timing out somehow?
The best thing to do is handle the error in the IoC for auth0, like this: https://github.com/auth0-samples/auth0-aspnetcore-mvc-samples/issues/46
It actually translates more like:
… Under options.Events = new OpenIdConnectEvents
// handle correlation failed errors caused by stale lock login pages.
OnRemoteFailure = (context) =>
if (context.Failure.Message == "Correlation failed.")
// [ log error ]
// redirect to some help page or handle it as you wish