Help on root cause of an error

Hi all! We are getting the following error on occasion. Several users have reported it, but it doesn’t happen every time. When the error does show up, it’s after the user has been redirected to the login screen of our system after a session timeout. Our session timeout is set to go after 15 minutes of inactivity.

Please see the message below:

invalid_request: You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.

TRACKING ID: 7b4d780c01eea3c22781

Hi Maria,

It seems that the users are being shown this error due to the session timing out.

My suggestion would be to configure a default login route at the tenant level to ensure that the user is redirected to that URL, rather than being shown this error.

Hey Harsh, thanks for your reply! We are redirecting to our login page when there is a session timeout.

In order to reproduce the error, what we have done is leave an open session; the session times out and the user is redirected to the login page. If the user doesn’t sign in again within a long period (2 hours or more), sometimes (not always) the login won’t work, displaying this error.

I have also left the session open overnight. I always find the login page when I come back (which is expected), but sometimes when I log in I get the error screen; other times I don’t.

If the user signs in shortly after they have been kicked out, there is no issue.

Please advise.

Hey Maria,
I think @Harsh2 was on the right track. You would have to go to your application setting inside your tenant and set the default login path (I don’t think localhost qualifies as a valid login path). This will be the default login URL for your application. In cases of timeout, Auth0 will try to redirect the client to that URL instead of presenting you the invalid request error. I hope this helps.

Hey! The thing is, we have multiple organizations hosted under one tenant. We don’t have a unique URL.

Are you referring to this setting in the dashboard:

I want to emphasize that the user is always redirected to the corresponding login page after the session time-out. The error shows when the user tries to sign in after leaving the login page open. The error shows up when they place their credentials and click on the login button. Is there something that expires on the login page?

I’m not 100% sure, but it might be the state value used by Auth0 as part of preventing CSRF attacks expiring after a certain time. I don’t know if there is a workaround for the issue.
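The expiry suspected in the last reply, sketched as an added example that is not part of the original thread and is not Auth0's implementation: a generic signed, time-limited state value that is issued when the login page is rendered and checked when credentials are posted. The key, the one-hour lifetime and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed key, for this example only
STATE_TTL = 3600                  # assumed lifetime in seconds, not an Auth0 setting


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_state(session_id, now=None):
    """Build the state value embedded in the login page when it is rendered."""
    issued = int(time.time() if now is None else now)
    payload = f"{session_id}.{issued}"
    return f"{payload}.{_sign(payload)}"


def check_state(state, session_id, now=None):
    """Classify a posted state value as 'ok', 'expired' or 'invalid'."""
    now = time.time() if now is None else now
    try:
        sid, issued, mac = state.rsplit(".", 2)
        issued_at = int(issued)
    except ValueError:
        return "invalid"  # wrong shape or non-numeric timestamp
    expected = _sign(f"{sid}.{issued}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"  # tampered or signed with another key
    if sid != session_id:
        return "invalid"  # state belongs to a different browser session
    if now - issued_at > STATE_TTL:
        return "expired"  # login page was left open past the lifetime
    return "ok"


def handle_login_post(state, session_id, now=None):
    """Decide what the user sees after clicking the login button."""
    result = check_state(state, session_id, now)
    if result == "ok":
        return "continue-login"
    if result == "expired":
        # Stale page: start a fresh login transaction instead of an error screen.
        return "redirect-to-fresh-login"
    return "show-error"
```

With this design, a login submitted shortly after the page loads succeeds, while the same page submitted hours later carries an expired state; restarting the login for the expired case avoids the error screen without accepting the stale value.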