I found this in general chat which close from my problem but there was no answer : Hello, I am observing strange Ory behavior when you start multiple browser flows at the same time in multiple tabs (different subdomain, same root domain). Seems completing one login flow succeeds, but corrupts the other flows. It is reproducible by clicking 'sign in' from 'Ory account experience' twice also, then completing the flows in separate tabs. General steps to reproduce: 1. open browser tab 1 to start a flow

<http://app1.example.com|app1.example.com>

(

/ui/login?flow=b4692...

) 2. open browser tab 2 to start another flow

<http://app2.example.com|app2.example.com>

(

/ui/login?flow=a6065...

) 3. complete login flow 1 via SSO in tab1 (success) 4. complete login flow 2 via SSO in tab2 (fail - CSRF error with unformatted ui error from

/ui/b2b-sso/convert-flow?...

) Something similar happens via password login also, where the completed flow in tab 1 honors the return_to initialized with the flow, but completing the other flow in tab 2 doesn't - instead tab 2 uses default redirect configured in the project. Please let me know of any bug, known issue, or possible resolution here. It could be an edge case scenario, but if a user happens to open multiple apps on the same domain without being logged in, it can result in a bumpy experience.

this issue relates to two different doamins. yours is the same domain (127.0.0.1:8080) weird its also a csrf error. having tried from your case, i got

"messages": [
            {
                "id": 4000001,
                "text": "A valid session was detected and thus login is not possible. Did you forget to set `?refresh=true`?",
                "type": "error",
                "context": {
                    "reason": "A valid session was detected and thus login is not possible. Did you forget to set `?refresh=true`?"
                }
            }
        ]