User Agent does not correspond (EVENT-adk13)
After being logged out and needing to reauthenticate, one of our users encountered this error upon refreshing the Zitadel login screen. Can this be caused by certain configuration? The user agent was the same as the cookie since user entered a refresh flow, right?
5 Replies
Hi @Arwin, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
This error ("User agent does not correspond") is related to how ZITADEL uses cookies to identify the browser/user agent for user sessions. If cookies are blocked, deleted, or not sent correctly, or if there's a mismatch between the stored user agent in the cookie and the actual browser user agent (which can happen if the browser is updated or cookies are restored after a restart), this error can occur—even if the user appears to be using the same browser and enters a refresh flow (1) (2). Some configurations, such as strict SameSite cookie enforcement, domain mismatches, or sharing cookies across subdomains, can also contribute to this problem.
To resolve this, ensure:
- Cookies are not blocked or deleted by the browser.
- The browser/user agent string hasn't changed (e.g., after a browser update).
- There are no domain or subdomain conflicts that might cause cookies to be sent incorrectly.
- In Safari, disabling "SameSite strict enforcement (ITP)" and making sure "Block All cookies" is off can help (1).
More troubleshooting steps and configuration checks are detailed here: Troubleshoot ZITADEL.
To learn more, see the sources I considered:
[1] Troubleshoot ZITADEL
[2] User Agent
Feel free to tag @Ask Inkeep with additional questions.
hey @Arwin thanks for your question, looking into it.
Thanks @Rajat !
Of course!
Use-case: We use Zitadel to manage authentication/identity entirely
Environment: Zitadel Cloud
Stack: We use Zitadel to authenticate users to our backend. So our SPA angular frontend handles token retrieval and our Symfony BE validates these tokens. Currently when retrieving tokens, after a day we get logged out/need to refresh our token. User is sent to login UI again, but then occasionally the error "User Agent does not correspond (EVENT-adk13)" is shown.
What you expected to happen: User is able to refresh their token seamlessly
What went wrong: User is unable to refresh token and gets stuck in Zitadel login UI
Additional information: We have two separate frontend portals (admin & consumer). A single user can have roles to access both portals. So a user can be admin and consumer at the same time. When retrieving a token in e.g. admin portal we only request admin role in scopes. Same goes for consumer. When accessing/switching between both portals, maybe something goes wrong in cookie handling?