ChatGPT Session Expired Every Few Minutes: 8 Fixes

ChatGPT keeps logging you out mid-chat? The 3 main causes are cookies being wiped, multiple tabs racing the token, and a corporate proxy stripping headers. Verified June 2026 fixes.

A healthy chatgpt.com session lasts roughly 7-30 days and refreshes itself silently in the background. If yours dies every 5-15 minutes, the session length isn’t the problem. One of three things is happening: your cookies are being wiped externally, multiple tabs are racing to refresh the token (and invalidating each other), or a corporate / school proxy is stripping the Set-Cookie and Authorization headers. Fastest test: turn off Wi-Fi, tether to your phone (4G/5G), and use ChatGPT for 10 minutes. If the logouts stop, it’s your network (skip to Step 5). If they continue, it’s your browser or system clock (Steps 2-4, 7).

One 2026 change worth knowing up front: OpenAI tightened account risk-control this year. Logging in from several devices or geographies at once, or hopping IPs quickly, can now trigger a forced re-auth (and sometimes an SMS check). So “session expired” isn’t always a bug on your end — it can be the server invalidating a session it thinks is risky.

Which bucket are you in?

Symptom you actually seeMost likely causeJump to
Logged out every time you close/reopen the browserCookies set to clear on close, or an extension purging themSteps 3-4
Logged out after switching between several open ChatGPT tabsTabs racing the session tokenStep 2
Only happens on the office/school network or VPNTLS-intercepting proxy rewriting cookies; web shows 403 ForbiddenStep 5
Desktop app shows a certificate / “Network configuration issue” errorApp certificate pinning rejects the proxy certStep 5
Happens after the laptop sleeps or you change networksNew IP triggers a re-authSteps 1, 6
Token “expired” the instant you log inSystem clock skewStep 7
Nothing ever persists between sessionsYou’re in Incognito / Private modeStep 6 (browser)

Common causes

1. Browser set to “clear cookies on close” or an extension purging them

Firefox “Delete cookies and site data when you close Firefox”, Safari’s ITP capping some cookies at 7 days, and extensions like Cookie AutoDelete / Forget Me Not that wipe on every tab switch.

How to judge: DevTools (F12 or right-click → Inspect) → Application tab → Storage → Cookies → https://chatgpt.com → find __Secure-next-auth.session-token (on large accounts it may be chunked as __Secure-next-auth.session-token.0 and .1). Look at its Expires / Max-Age column. If it reads “Session” instead of a real date weeks out, it dies the moment you close the browser.

2. Multiple tabs racing to refresh the session token

With three chatgpt.com tabs open, each one calls /api/auth/session during init. One refresh wins and rotates the token; the others are left holding a stale token, so their next API call returns 401 Unauthorized and the UI shows “session expired.”

How to judge: Close every tab, keep exactly one, pin it, and work for 15 minutes. If the frequency drops sharply, it was a tab race.

TLS-intercepting proxies (Zscaler, Palo Alto Prisma Access, Cisco Umbrella, Netskope) unwrap HTTPS to inspect traffic and re-sign it with their own certificate. Two failure modes: they rewrite SameSite=None to Strict (so cross-subdomain cookies between chatgpt.com and auth.openai.com die), or they drop the __Secure- prefixed cookies entirely. When the rewrite is heavy-handed, OpenAI’s edge now answers with a flat 403 Forbidden instead of a silent re-login.

How to judge: Switch to a phone hotspot. If sessions stop expiring, it’s the corporate proxy. To confirm directly: DevTools → Network → reload → click the auth/session request → Response Headers → check that the Set-Cookie line is present and intact.

4. Frequent Wi-Fi ↔ cellular switching, or VPN IP rotation

The laptop wakes, Wi-Fi reconnects, the IP changes, and OpenAI’s risk engine may treat the new IP as a possible hijack and force re-auth. Rotating-exit VPNs make this worse because the IP can change mid-session.

How to judge: Pin to one network and one VPN node for 30 minutes. No expiry means a network/IP swap was the trigger.

5. System clock skew

The session JWT carries iat (issued-at) and exp (expiry) timestamps. If your local clock is off by more than a few minutes, a freshly issued token can look already-expired the instant it arrives.

How to judge: Compare your clock to time.is. On macOS, System Settings → General → Date & Time → “Set time automatically” should be ON.

6. Working in Incognito / Private window

If you’ve been in a private window the whole time, closing it wipes everything — the session can never persist, and ChatGPT memory features behave inconsistently.

How to judge: The window chrome is dark / tinted, and there’s an “Incognito” or “Private” badge near the address bar.

Shortest path to fix

Step 1: Environment triage — test on a network you control

Laptop → turn off Wi-Fi → tether to phone hotspot (4G/5G)
→ log in at chatgpt.com → work 10-15 minutes
  • No more expiry, or the web stops returning 403 → it’s the corporate / school network. Jump to Step 5.
  • Still expiring → it’s the browser or system layer. Continue with Step 2.

Step 2: Keep one tab only

Close all chatgpt.com tabs, reopen exactly one, and pin it so a stray click doesn’t spawn duplicates. For parallel conversations, switch chats in the left sidebar instead of opening more tabs. If you genuinely need two windows side by side, use separate browser profiles — each profile has its own cookie jar, so they can’t race the same token.

Step 3: Make cookies long-lived for chatgpt.com

Chrome:  chrome://settings/cookies → "Sites that can always use cookies"
         → Add → [*.]chatgpt.com  (and [*.]openai.com)
Firefox: about:preferences#privacy → "Custom"
         → uncheck "Delete cookies and site data when Firefox is closed"
         → or click "Manage Exceptions" and Allow chatgpt.com
Safari:  Settings → Privacy → make sure "Block all cookies" is unchecked
chrome://extensions  (or about:addons in Firefox) → disable or allowlist:
- Cookie AutoDelete
- Forget Me Not
- Privacy Cleaner / Click&Clean / History Eraser
- aggressive ad/script blockers that strip set-cookie

Adding chatgpt.com and openai.com to each extension’s allow list usually fixes it without uninstalling anything.

Step 5: Corporate / school proxy handling

First confirm interception. In the address bar, click the lock/tune icon → Connection is secure → certificate details → check the issuer:

"Let's Encrypt" / "Google Trust Services" / "DigiCert"  → real cert, no interception
Your company name / "Zscaler" / "Palo Alto" / "Netskope" → TLS interception is rewriting cookies

If it’s TLS-intercepted, you cannot fix this fully client-side — IT has to add OpenAI’s domains to the SSL/TLS inspection bypass list. Send them this:

Subject: Request SSL-inspection bypass for OpenAI domains
Domains: *.openai.com, *.chatgpt.com, *.oaistatic.com, *.oaiusercontent.com
Reason:  ChatGPT relies on SameSite=None cross-site auth cookies. Our proxy
         rewrites/strips them during HTTPS inspection, so the session expires
         every 5-15 minutes and the edge sometimes returns 403 Forbidden.
Impact:  Lost work time across the team.
Note:    The macOS desktop app uses certificate pinning and will fully refuse
         to connect through an inspecting proxy, so a bypass (not just an
         allowlist) is required.

Important 2026 change for the desktop app: OpenAI spent early 2026 phasing out the enterprise certificate-pinning exceptions that used to let some inspecting proxies through, with the final one (WellPoint) dropped on April 23, 2026. The desktop app now rejects any inspecting proxy with a certificate / “Network configuration issue” error and won’t launch — there is no longer an allowlist to request. Until IT bypasses inspection, use ChatGPT in a regular browser (cookie-based, not pinned), which still works through most proxies even when the app won’t. This reverses the old “just use the app” advice. See OpenAI’s network recommendations.

Step 6: Pin your VPN exit (or turn the VPN off)

NordVPN / ExpressVPN / etc. → Settings → disable "Auto-select server"
→ manually pick one fixed node (same metro is best)
→ disable IP rotation and any "reconnect on a new server" / kill-switch behavior

If you don’t actually need the VPN for ChatGPT, the cleanest fix is to turn it off for the openai.com / chatgpt.com domains (most VPN clients support split tunneling).

Step 7: Calibrate the system clock

macOS:   System Settings → General → Date & Time → "Set time automatically" ON
Windows: Settings → Time & language → Date & time → "Set time automatically" ON
         → also "Set time zone automatically" ON → click "Sync now"
Linux:   sudo timedatectl set-ntp true

Step 8: Kill stale sessions from another device

If a phone or old laptop somewhere keeps logging in (or you suspect someone else has access), a session you didn’t start can keep invalidating yours. As of June 2026 ChatGPT has a self-service panel:

chatgpt.com → your profile (top right) → Settings → Security → Active sessions

Each row shows the device type, rough location, and sign-in time. End any you don’t recognize with Log out, or use Log out of all sessionsLog out of all devices to reset everything (this signs out your current session too and can take up to ~30 minutes to fully propagate). Then log back in fresh on just the one device you use.

How to confirm it’s fixed

  1. Pick the fix that matched your bucket above and apply only that one first.
  2. Reload chatgpt.com, open DevTools → Application → Cookies, and confirm __Secure-next-auth.session-token now shows a real Expires date weeks out, not “Session.”
  3. Work for 30 minutes without touching tabs or networks. No “session expired” prompt and no 401/403 in the Network tab means you found it.
  4. If it still recurs, move down the table — the three big causes (cookie wipe, tab race, proxy) are independent and can stack.

FAQ

Why does ChatGPT log me out every few minutes only at work? Almost always a TLS-intercepting proxy (Zscaler, Netskope, Palo Alto, Umbrella) re-signing OpenAI’s traffic and mangling the SameSite=None auth cookies — sometimes producing a 403 Forbidden. Confirm with a phone hotspot (Step 1) and have IT bypass *.openai.com and *.chatgpt.com from inspection (Step 5).

The ChatGPT desktop app won’t load on my company network but the website works. Why? The macOS desktop app uses certificate pinning and, since OpenAI removed the last enterprise exceptions in April 2026, refuses to connect through any inspecting proxy. The browser is cookie-based and not pinned, so it still works. Use the browser until IT bypasses SSL inspection.

Is __Secure-next-auth.session-token the right cookie to check? Yes — it’s still the session cookie as of June 2026. On large accounts it may be split into __Secure-next-auth.session-token.0 and .1. If its Expires shows “Session,” your browser or an extension is set to clear it on close (Steps 3-4).

Could this be a hacked account rather than a settings problem? It can. OpenAI’s 2026 risk-control can force re-auth when it sees logins from multiple places at once. Open Settings → Security → Active sessions (Step 8); if you see a device or location you don’t recognize, log out all sessions and change your password.

Does clearing cookies fix it? It clears one symptom (a corrupted cookie) but not the cause. If the real issue is a tab race, a proxy, or an extension, the session will expire again right after you log back in. Diagnose with the table first.

How long is a ChatGPT session supposed to last? Roughly 7-30 days with automatic silent refresh, so you should rarely have to log in. Anything on the order of minutes means one of the causes above is fighting the refresh.

Prevention

  • Use a dedicated browser profile for ChatGPT, with cookies set to persist and only essential extensions installed.
  • Keep one chatgpt.com tab; switch chats via the left sidebar instead of opening more tabs.
  • On managed machines, confirm IT has bypassed *.openai.com / *.chatgpt.com from SSL inspection before you rely on the app.
  • Prefer a fixed / dedicated-IP VPN node over rotating exits, or split-tunnel ChatGPT out of the VPN.
  • Keep system time on auto-sync.
  • Don’t work long-term in Incognito; sessions don’t persist and memory features get flaky.
  • Periodically review Settings → Security → Active sessions and remove devices you no longer use.

Tags: #ChatGPT #ChatGPT account #Troubleshooting #Debug #Session expired