There are global IP addresses for accessing Web Security Service (WSS) and it is registered in the WSS portal.
Occasionally WSS is redirecting the authentication page even when not closing the web browser. 

• Global IP address: multiple and the source global IP address may change access for internet.
• Access method: Explicit Proxy Location
• Authentication: Auth Connector
• Surrogate type: Cookies Surrogate
• Auth refresh frequency:1 day

This is a current limitation in WSS.
The Auth refresh frequency function does not work correctly if you have multiple global IP addresses and if IP addresses may switch access for the internet.
It will affect the coaching page (notification function) if you use "Allow with coach"  in your policies.

Configure your environment to not switch global IP addresses.