PWM 2.0.6 and 2.0.7 - Error "The browser session is invalid or has expired. Please try again."

[Luiz Gustavo Quirino]

We are experiencing  authentication errors in PWM service in some specific cases, but we have not yet identified the exact trigger for the issue. The error occurs for some users, without a clear pattern.

When trying to login, they're getting the following error message:
"The browser session is invalid or has expired. Please try again."

PWM logs (debug mode):

• 2025-02-18T14:45:17Z, ERROR, http.PwmResponse, {jtjQJ} 5034 ERROR_INVALID_FORMID (form nonce missing) [192.xx.xx.xx]
• 2025-02-18T15:04:54Z, FATAL, servlet.AbstractPwmServlet, {iHNj8} unexpected error: 5034 ERROR_INVALID_FORMID (form nonce incorrect) [192.xx.xx.xx]

In our test environment, we are using Chrome version 133.0.6943.98 (Official Build) (64-bit). Right now, the error is happening in my machine, so it's easy to reproduce it.

Here are some additional notes:

 

1. We use nginx in front of PWM
2. The error never happens in Firefox browser, just in Chrome and Safari (and just for some users, not all).
3. If the user uses a cognito window in chrome/safari, the error never happens.
4. If We disable "Enable From Nonce" in PWM Settings, the error never happens.

 

We don't want to disable "Form Nonce"  due to security concerns.

Any help would be appreciated

Cheers,

[Jason Rivard]

Please see https://github.com/pwm-project/pwm/issues/711

Is this what your encountering?