OIDC login with different user on an already logged in session

Question

I have a scenario where user opens two login screens. Enters credentials for user A and successfully logs into the system. Now user goes back to the other login screen and enters credentials for user B . The current behavior is that the browser window shows:

This page isn't workingIf the problem continues, contact the site owner. HTTP ERROR 400

The login method in controller is not reached instead the above error method is displayed in the browser window.

How do I handle this scenario?

Answer 1

As mentioned in my comment, your site is storing data inside cookies and this data seems to confuse the server. So the simple fix is to find out which cookie setting will confuse the server. That part of the code needs to be changed.
At a minimum, your login page should create a session ID , which would be stored inside the cookie. So if a user logs in and it notices an existing session cookie then don't continue to log in. The user is already logged in. Just forward the user to the normal page that he would see after logging in. He should be authenticated by now.
As an alternative, you can choose to use cookieless session ID's. This will likely make the session ID part of the URL, which will require the use of SSL/HTTPS for your website to avoid hackers hijacking the session. But the advantage is that you can log in as two different users using a single browser with two or more open tabs.
But fixing the error in the login code might be more practical. You are using OpenID Connect so when a user logs in, first check if he's already authenticated. (That would have happened on the second page.) If so, don't log them in again. But it depends on the code behind the login page that seems to mess things up when a user tries to log in twice without logging off, Without seeing the code. I can't tell exactly where to look.