Intermittent Issue with Login

[Rvalle23]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

When leave the web open on browser after an hour, or open the browser; the web sometimes does GET //auth/redirect? and it shows an Internal Server Error.

Any log messages given by the failure

| [2022-09-12 18:35:48,924] ERROR in init: process_auth_redirect: security violation ('Failed to match request state with session state',)
backend | [2022-09-12 18:35:48,925] ERROR in app: Exception on /auth/redirect [GET]
backend | Traceback (most recent call last):
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2525, in wsgi_app
backend | response = self.full_dispatch_request()
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1822, in full_dispatch_request
backend | rv = self.handle_user_exception(e)
backend | File "/usr/local/lib/python3.8/site-packages/flask_cors/extension.py", line 165, in wrapped_function
backend | return cors_after_request(app.make_response(f(*args, **kwargs)))
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1820, in full_dispatch_request
backend | rv = self.dispatch_request()
backend | File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1796, in dispatch_request
backend | return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/flask_blueprint/init.py", line 44, in aad_redirect
backend | return id_web.process_auth_redirect(redirect_uri=url_for('.aad_redirect',_external=True),
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 40, in assert_adapter
backend | return f(self, *args, **kwargs)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 127, in process_auth_redirect
backend | raise ase
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 105, in process_auth_redirect
backend | self._verify_state(req_params)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 40, in assert_adapter
backend | return f(self, *args, **kwargs)
backend | File "/usr/local/lib/python3.8/site-packages/ms_identity_web/init.py", line 259, in _verify_state
backend | raise AuthSecurityError("Failed to match request state with session state")
backend | ms_identity_web.errors.AuthSecurityError: Failed to match request state with session state
backend | 150.172.230.173 - - [12/Sep/2022 18:35:48] "GET //auth/redirect?

Expected/desired behavior

Use the session cokies.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.