AI AI Tools Guidebook
Troubleshooting

ChatGPT Says Session Expired Every Few Minutes

ChatGPT keeps logging you out mid-conversation — cookies being wiped, multiple tabs racing, and corporate proxy stripping headers are the 3 main causes.

Published: Author: AI Productivity Guide Team 🌐 查看中文版本

A normal session lasts 7-30 days with automatic silent refresh. If you’re expiring every 5-15 minutes, the issue isn’t the session itself — it’s: cookies being wiped externally, multiple tabs racing to refresh the token (invalidating each other), or a corporate / school proxy stripping Set-Cookie and Authorization headers. Identifying the environment first (home vs office vs VPN) gets you 80% to the root cause.

Common causes

1. Browser set to “clear cookies on close” or an extension purging

Firefox “Delete cookies and site data when you close Firefox”, Safari’s 7-day ITP cap on some cookies, Cookie AutoDelete / Forget Me Not extensions wiping on every tab switch.

How to judge: DevTools → Application → Cookies → check __Secure-next-auth.session-token’s Expires. If “Session” instead of a date, it dies when the browser closes.

2. Multiple tabs racing to refresh the session token

Three chatgpt.com tabs open, each pings /api/auth/session during init. One wins, others get stale tokens, next API call → 401.

How to judge: Close all tabs, keep just one. Frequency drops noticeably = tab race.

3. Corporate / school proxy strips SameSite=None or cross-origin Set-Cookie

TLS-intercepting proxies (Zscaler, Palo Alto Prisma, Cisco Umbrella) unwrap HTTPS to inspect traffic and rewrite headers. Common damage: SameSite=None becomes Strict (cross-subdomain cookies die), or __Secure- prefixed cookies are dropped.

How to judge: Switch to phone hotspot (bypass corporate net). Sessions stop expiring = corporate proxy. Or DevTools → Network → check Set-Cookie response headers for completeness.

4. Switching between Wi-Fi and cellular frequently

Laptop wakes, Wi-Fi reconnects, IP changes — OpenAI may treat the new IP as a hijack risk and force re-auth.

How to judge: Pin to one network for 30 minutes. No expiry = network swap was the trigger.

5. System clock skew

JWT carries iat / exp timestamps. Local clock skew > 5 minutes makes a fresh token look expired on arrival.

How to judge: Mac → System Settings → Date & Time → “Set time automatically” should be ON. Terminal date versus time.is.

6. Working in Incognito / Private window

If you’ve been working in Incognito the whole time, closing the window wipes everything — session never persists.

How to judge: Window border is dark / purple (not normal color) or “Incognito” icon in the URL area.

Shortest path to fix

Step 1: Environment triage — switch to home network

Laptop → turn off Wi-Fi → connect to phone hotspot (4G/5G) → log in to chatgpt.com → work 30 minutes
  • No more expiry = corporate / school network issue, jump to Step 5
  • Still expiring = browser / system layer, continue Step 2

Step 2: Only keep one tab

Close all chatgpt.com tabs, reopen one, pin it. If you want parallel conversations:

  • macOS: use split view but keep one tab; switch chats in the left sidebar
  • Truly need parallel: use separate browser profiles — each profile has its own cookie jar and won’t race

Step 3: Make cookies long-lived

Chrome: chrome://settings/cookies → bottom → "Sites that can always use cookies" → Add → chatgpt.com
Firefox: about:preferences#privacy → "Custom" → uncheck "Delete cookies and site data when Firefox is closed"
Safari: Settings → Privacy → uncheck "Block all cookies"
chrome://extensions → check and disable:
- Cookie AutoDelete
- Forget Me Not
- Privacy Cleaner
- Click&Clean
- History Eraser

Or add chatgpt.com to each extension’s allow list.

Step 5: Corporate / school proxy handling

If Step 1 confirmed it’s corporate network:

1. In the URL bar, click the lock icon → check certificate issuer
   - "Let's Encrypt" / "DigiCert" = real cert, no interception
   - "Zscaler" / "Palo Alto" / company name = TLS interception is rewriting cookies

If TLS-intercepted:

  • Cannot be fixed client-side; IT must add *.openai.com, *.chatgpt.com to TLS bypass / SSL exception
  • Ticket template:
Subject: Request TLS bypass for OpenAI domains
Domains: *.openai.com, *.chatgpt.com, *.auth0.openai.com
Reason: SaaS service requires SameSite=None third-party cookies which
        our proxy strips during HTTPS inspection. End user impact:
        session expires every 5-15 minutes, productivity loss.
Risk: Standard SaaS endpoint, no DLP concerns, served via Cloudflare.

Step 6: Pin VPN exit

NordVPN/ExpressVPN/etc → Settings → disable "Auto-select server"
→ manually pick one fixed node (preferably same metro)
→ disable IP rotation / kill switch reconnect

Step 7: Calibrate system clock

Mac: System Settings → General → Date & Time → "Set time automatically" ON
Win: Settings → Time & language → Date & time → "Set time automatically" ON, sync time zone

Step 8: Fall back to mobile app

When corporate IT policy can’t be changed, the mobile app stores a local bearer token (not browser cookies) and bypasses most proxy issues. Move important work to the app until IT fixes things.

Prevention

  • Use a dedicated browser profile for ChatGPT with cookies set to persist; install only essential extensions.
  • Keep only one chatgpt.com tab; switch chats via the left sidebar instead of opening more tabs.
  • Confirm in advance that IT has TLS bypass for OpenAI on managed machines; if not, request it before the next workday.
  • Choose dedicated-IP VPN nodes, not rotating exits.
  • Always keep system time auto-sync on.
  • Don’t work in Incognito long-term — sessions don’t persist, and memory features become unreliable.

Tags: #ChatGPT #ChatGPT account #Troubleshooting #Debug #Session expired

Related Articles