NET8.0 and Duende IdentityServer 6 issue? Users must close all web-pages when token expires

[frodegil]

Which version of Duende IdentityServer are you using? 6.3.10

Which version of .NET are you using? net8.0 (recently upgraded from net6.0 - that's when the problem started)

Describe the bug When the token expires, users are redirected to our id-portal that immediately closes the connection (web-page not shown) for some users and others are able to open the id-portal, select a mechanism and gets an error on the ExternalController's Callback url.

To Reproduce

Open a web-page not related to the application (so that the session cookie is preserved when you close the application web-page later) Open a new web-page related to the application and log in. Close the application web-page. Wait until the token expires. Open a new web page and navigate to the application url. The user will be re-directed to the id-portal and the page is displayed with a http error (err_connection_reset).

Expected behavior

The expected behavior is to have the id-portal displayed showing login alternatives.

Log output/exception with stacktrace No logs found.

Additional context

To fix the problem (for both error-scenarios), users must close all web-pages. This removes the session cookie that seems to be the root-reason for this problem. Using incognito mode (for the first time) also fixes the problem. The problem repeats the next day (also in incognito mode). This problem started last week when we upgraded our id-portal project to net8.0 so we think this might be related to version 6 of IdentityServer having issues with the net8 core framework? Our IdentityServer implementation has not been changed after upgrade to net8.0.

[RolandGuijt]

Running Duende IdentityServer 6 on .NET 8 is not supported. Can you please upgrade to IdentityServer 7 and let us know if the problem persists?

[RolandGuijt]

Closing this issue for now. If you have anything to add please do so.