PWM 2.0.6 and 2.0.7 - Error "The browser session is invalid or has expired. Please try again." #712

Closed
quibueno opened this issue Feb 19, 2025 · 1 comment

@quibueno

We are experiencing authentication errors in PWM service in some specific cases, but we have not yet identified the exact trigger for the issue. The error occurs for some users, without a clear pattern.

When trying to log in, they're getting the following error message:
"The browser session is invalid or has expired. Please try again."

PWM logs (debug mode):

2025-02-18T14:45:17Z, ERROR, http.PwmResponse, {jtjQJ} 5034 ERROR_INVALID_FORMID (form nonce missing) [192.xx.xx.xx]
2025-02-18T15:04:54Z, FATAL, servlet.AbstractPwmServlet, {iHNj8} unexpected error: 5034 ERROR_INVALID_FORMID (form nonce incorrect) [192.xx.xx.xx]

In our test environment, we are using Chrome version 133.0.6943.98 (Official Build) (64-bit). Right now, the error is happening on my machine, so it's easy to reproduce it.

Here are some additional notes:

- We use nginx in front of PWM.
- The error never happens in the Firefox browser, just in Chrome and Safari (and just for some users, not all).
- If the user uses an incognito window in Chrome/Safari, the error never happens.
- If we disable "Enable Form Nonce" in PWM Settings, the error never happens.

We don't want to disable "Form Nonce" due to security concerns.

Any help would be appreciated

@jrivard
Contributor

jrivard commented Feb 19, 2025

Duplicate of #711. Please re-open if the workaround in #711 doesn't resolve the issue.

@jrivard jrivard closed this as completed Feb 19, 2025