When the client cookie introspection fails, the user is logged out completely because their SSO (root) cookie is deleted. When I log into one app and then navigate to another one that uses cookie introspection, my SSO cookie is deleted and I'm required to log in again.
Solution
Delete the client cookie instead of the SSO cookie so that a new cookie can be obtained via the authorization code flow without login if needed.
Issue
When the client cookie introspection fails, the user is logged out completely because their SSO (root) cookie is deleted. When I log into one app and then navigate to another one that uses cookie introspection, my SSO cookie is deleted and I'm required to log in again.
Solution
Delete the client cookie instead of the SSO cookie so that a new cookie can be obtained via the authorization code flow without login if needed.