network If user sits on Account-Experience login page, they get a login flow expired error

Preflight checklist

[X] I could not find a solution in the existing issues, docs, nor discussions.
[X] I agree to follow this project's Code of Conduct.
[X] I have read and am following this repository's Contribution Guidelines.
[X] I have joined the Ory Community Slack.
[ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

After a user sits on the default account experience login page for about 30 minutes and then tries to login, they get an error that their login flow is expired. Ideally, the “flow expired” error should just redirect to a new flow in browser contexts.

Reproducing the bug

Open account experience login page
Wait ~30 minutes (or whatever your lifespan is set to for login flows)
Try to login At this point the user will see an error that their login flow is expired

Relevant log output

No response

Relevant configuration

No response

Version

Ory Network

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

Sep 12 '24 14:09 calebgrollins

What would be the expected behaviour? I believe you can handle the error and tell user to start the flow from the beginning.

Sep 15 '24 08:09 OskarsPakers

Isn‘t that what‘s happening? We show the error and the user starts again?

Sep 15 '24 08:09 aeneasr

I believe you can handle the error and tell user to start the flow from the beginning.

This is in the Ory Network Account-Experience, so we don't have control over that. I am not too familiar with the inner workings of all this so I am not sure if this is the on the kratos side or the Ory Network side. It was recommended to me to open a bug in this repo.

At the end of the day, the result we would expect to see is that another flow would be created transparently for the user or they would at least be redirected to something more friendly. End users shouldn't have to know or care about flows.

Sep 16 '24 04:09 calebgrollins

Ok, we will need to investigate.

Sep 19 '24 15:09 aeneasr

I see - I worry that people misinterpret this as "it should return me there" which it does not. Maybe if it's documented properly that setting this is ineffective and purely informational?

Sep 19 '24 15:09 aeneasr

I see - I worry that people misinterpret this as "it should return me there" which it does not. Maybe if it's documented properly that setting this is ineffective and purely informational?

I'm not sure I follow. Setting what?

Sep 25 '24 19:09 calebgrollins

My bad, I made this comment in the wrong issue!

Sep 26 '24 09:09 aeneasr

Is there any update on this? I know it may not be a very common case for an actual end-user but I want to be able to tell my customer what we can or cannot do about this flow.

I am running custom UI through Ory Elements, so I guess I could implement a custom flow redirection on my end, but I haven't interfered with the built-in flow yet (the main reason for using Ory Elements is to not have to bother, for me).

Sep 18 '25 07:09 fullyherge