Using the LoginRedirect component instead of a simple <a href=...> causes the browser to issue a request to /api/data/platform/config just after the browser starts loading the /api/auth/login request. This causes a race condition with sessions and the Set-Cookie header, resulting in a failed authentication flow.
Request to /api/auth/login -> sets the initial cookie value
Request to /api/data/platform/config -> if it happens before receiving the Set-Cookie, will result in a concurrent Set-Cookie being received.
Browser saves to wrong cookie and uses it during the callback stage of the login flow.
Using the
LoginRedirectcomponent instead of a simple<a href=...>causes the browser to issue a request to/api/data/platform/configjust after the browser starts loading the/api/auth/loginrequest. This causes a race condition with sessions and theSet-Cookieheader, resulting in a failed authentication flow./api/auth/login-> sets the initial cookie value/api/data/platform/config-> if it happens before receiving theSet-Cookie, will result in a concurrentSet-Cookiebeing received.