Browser bookmarks fail after a few weeks

I've posted about this in one of the other topics, but it's becoming a bigger and bigger issue. It needs its own post.

We have a created a web site for our company for internal use using Ignition 8.1. The whole site requires authentication, for which we use our Windows logins/passwords (ActiveDirectory, in other words). Users typically have browser bookmarks to go directly to their frequently-used pages.

Those bookmarks work . . . for a while. But after a few weeks, the users get odd behavior. The user follows the bookmark and authenticates as normal. But the authentication fails. The message on the screen says, "HTTP ERROR 400 Bad Request", followed by "/data/federate/callback/ignition/bridge" and a restatement of the error.

In the other post, the user was advised to turn on logging for Gateway.federationRoutes, which I have done as well, and I get the same message about "Unable to parse the error redirect URI from the relay state JWT" that they were getting.

Somehow, the browser bookmark (both Chrome and Edge so far) is key to the problem. When given a straight-up link to the page they want to go to, these users can follow it, authenticate, and arrive at the page. But following a browser bookmark to the exact same page and authenticating as part of that process triggers the issue.

This is increasingly becoming an annoyance as more and more users are making use of the site but then report to me that they "can't log in", when in fact they can, they just can't use the nice convenient browser bookmarks they set up.

My best guess is that browsing to the site via a bookmark must carry with it some additional information (a cookie? Something similar?) that coming in via a simple link does not, and that additional information must be expiring after some length of time and triggering a login failure. Is anyone else seeing this, and does anyone have any ideas for a proper solution? Telling people not to use bookmarks isn't cutting it.

I've seen a similar issue, but it has to do with a timeout with the user or Ignition restarting. You'll see the URL having old information in it and the browser tries to use the old session ID or something which Ignition closes.

The only way I've gotten around it is closing the old window then opening the new bookmarked page. I've also seen users bookmarking the Authentication page and not the actual link to the project page. This also will cause Authentication errors because the user is trying to old tokens.

Two more bits of information. One is that removing the old bookmark and replacing it with a new one, pointing to exactly the same page, does solve the issue. So it clearly has something to do with the old bookmark. No idea (yet) whether the new bookmark eventually gives issues, too, but I'll bet it does.

The other, in case anyone is interested, is the line from the stack trace where this failed. From the look of it, it was trying to deserialize a JSON web token when it failed, resulting in the following line:

org.jose4j.jwt.consumer.InvalidJwtSignatureException: JWT rejected due to invalid signature. Additional details: [[9] Invalid JWS Signature: JsonWebSignature{"kid":"k1","alg":"HS256"}->stuff]

So--I'm totally guessing here, this is not my area of expertise--is there something about a browser bookmark that stores JSON web token information along with the straight-up url, and sends it along with the request each time? Something like that must be going on here to get a result like this, right? And if so, how do I tell it to stop doing that?

Never post jwt tokens online. Those could contain senstive info...

Bookmarks shouldnt contain such info though, those are stored in cookies which should be url related.

That said it does seem like the jwt is expired,

The other post mentioned something about http/https which are you using?
Try using the other one