We are using mixed mode auth using Okta for Optimizely editors and Azure B2C for end users. Right now we share the same cookie auth scheme (to be able to keep the Optimizely Quick Navigator).
We have set cookie expiration. We noticed that the Optimizely UI (edit/admin) does not handle cookie expiration very gracefully. API endpoints fail and unexpected errors just pop up in the notification area. Not the best editor experience. The editor can reload (re-challenge on the IdP) and everything is fine until the next expiry.
Didn't the Optimizely UI have an auto-logout prompt at some point? So if the editor leaves for lunch, we will have the prompt on the screen when he comes back (and the cookie has expired)?
Are we taking the wrong approach? (short expiration is a customer security requirement)