Multiple tabs will overwrite the cookie’s login-state, causing the race condition, which leads to the inconsistency between the old state in the URL and the new state value in the cookie. 

4.20    

Always

Environment: 4.20.0-0.nightly-2025-08-12-153542, Azure
1. Launch a cluster with clusterbot command: launch 4.20 azure

2. Patch the oauth config to manually set the inactivity timeout to the minimum value 300s to make the testing easier. oc patch oauth cluster -p='{"spec":{"accessTokenInactivityTimeout":"300s"}}}' Wait until this is taking effect (when the Authentication Operator finish reconciliation)

2. Visit the dashboard, and duplicate the tab in a 5-10 seconds interval

3. Switch to non-console tab for 5 min without touching the console at all until the title of the tabs become “Login”

4. Check the cookie under the console url (!! not the oauth url), and remember the value of the login-state

5. Go to each tab, find the state value in the URL, and compare. Go to the tab that have the different value of state than the login-state value, and then login with your kubeadmin account

6. The page will redirect the user to the auth/error blank page

7. If you go back to the tab that have the same value as the login-state value, and hit login button, you will be logged in and at this time you don’t need to re-type your username and password.    

The race condition happens, only the login from the tab that has the same state value as the value stored in the cookie will have successfully logged in.

No matter which tab the user use to logged in back, it should