There are global IP addresses for accessing Web Security Service (WSS) and it is registered in the WSS portal.
Occasionally WSS is redirecting the authentication page even when not closing the web browser.
This is a current limitation in WSS.
The Auth refresh frequency function does not work correctly if you have multiple global IP addresses and if IP addresses may switch access for the internet.
It will affect the coaching page (notification function) if you use "Allow with coach" in your policies.
Configure your environment to not switch global IP addresses.