Invalid Request on login when login page has been open overnight, session timeout?

Ready to post? :mag: First, try searching for your answer.
There’s an issue that we are experiencing when the login page has been left open for a long time after the user has logged out.
Customer Experience:

  1. Logs into app, does some work, logs out.
  2. Leaves browser tab open to login page overnight (or for several hours)
  3. Returns to tab and tries to login again
  4. Login fails with the following details:
    **invalid_request** : You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator.
  5. User returns to login page and can successfully login on the second try

I have seen other posts that suggest that Inactivity timeout and Require log in after settings under Tenant Settings > Advanced can be increased so that the session doesn’t expire before the user starts to use them the next day. I have tried setting them both to their maximums (100 and 365 days, respectively) but I’m still able to repro this issue after leaving the login page open for an hour or so.

Is there some other setting in the Auth0 dashboard at play here? Or possibly an issue with how our web app is redirecting users to the /authorize endpoint which sends them to the login page?

Hi there @devin3 ,

Good step with increasing Inactivity timeout and Require log in after settings under Tenant Settings > Advanced. :slight_smile:

My first thought is that your environment could have a browser mechanism for storing/clearing browsing data, including cookies.

(On the step where the Login page is displayed for the user, Auth0 sends a bunch of cookies that help recognize the session).

What do you think? Could you investigate how things are (in terms of storing cookies) while on your Auth’s Login Page?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.