Flask Invalidates Login Session on most page requests


I have a Flask App deployed on IIS using FastCGI. After logging in, I'm successfully redirected to homepage with the user information displayed. Both the Session & Remember_Token are also created.

The configuration I have for Flask-Login cookie and Flask's Session cookie:

    SESSION_COOKIE_HTTPONLY = True
    SESSION_COOKIE_SAMESITE = "LaX"
    REMEMBER_COOKIE_HTTPONLY = True
    REMEMBER_COOKIE_SAMESITE = "LaX"

User loader & saving user:

    # login_manager (flask_login.LoginManager), ldap_manager
    # (flask_ldap3_login.LDAP3LoginManager) and the User class are created
    # elsewhere in the app and imported here.
    users = {}  # in-memory, per-process store (each FastCGI worker has its own copy)

    @login_manager.user_loader
    def load_user(id):
        # Called by Flask-Login on every request with the id it stored in the session.
        if id in users:
            return users[id]
        return None

    @ldap_manager.save_user
    def save_user(dn, username, data, memberships):
        # Called by flask-ldap3-login after a successful bind; take the CN
        # component of each memberOf entry as the group name.
        groups = set()

        for group in data['memberOf']:
            group_name = group.split(',')
            groups.add(group_name[0].split('=')[-1])

        user = User(dn, username, data, groups)
        users[dn] = user
        return user

Note: The App is supposed to run on HTTP only

When clicking on another page or even refreshing the home page (after login), it redirects to login page (most of the time, very random) as if the unauthorized_handler is getting invoked and redirecting me to login.

There are no errors in the browser's Console, nothing fails to load in the Network tab and no errors written to app.log (WSGI_LOG):

2023-01-18 15:41:36.973603: wfastcgi.py will restart when files in C:\inetpub\wwwroot\flaskapp\ are changed: .*((\.py)|(\.config))$
2023-01-18 15:41:36.976605: wfastcgi.py 3.0.0 initialized
2023-01-18 15:41:44.357961: wfastcgi.py will restart when files in C:\inetpub\wwwroot\flaskapp\ are changed: .*((\.py)|(\.config))$
2023-01-18 15:41:44.359960: wfastcgi.py 3.0.0 initialized

I also tried enabling IIS's Failed Request Tracing for Error 500 but nothing is getting caught.

Login View:

    from flask import Blueprint, current_app, flash, redirect, render_template, url_for
    from flask_login import login_user
    from flask_ldap3_login.forms import LDAPLoginForm

    auth = Blueprint('auth', __name__)

    @auth.route("/login", methods=['GET', 'POST'])
    def login():
        # Instantiate a LDAPLoginForm which has a validator to check if the user
        # exists in LDAP.
        form = LDAPLoginForm()

        if form.is_submitted():
            if form.validate():
                # Only users in one of the configured LOGIN_GROUPS may log in.
                for group in form.user.data['memberOf']:
                    group_name = group.split(',')

                    if group_name[0].split('=')[-1] in current_app.config['LOGIN_GROUPS']:
                        login_user(form.user, form.data['remember_me'])
                        return redirect(url_for('home'))  # Send them home

                flash('Access Denied - Insufficient Permissions', 'danger')
            else:
                flash('Invalid Username or Password', 'danger')

        return render_template('login.html', form=form)

Possible duplicate but the answer is related to the SECRET_KEY. Mine is configured as a constant in the config.py of my app.
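One thing worth checking in the user loader above: `users` is a module-level dict, so it only exists in the worker process that ran save_user, while IIS FastCGI can hand later requests to other worker processes (the log shows wfastcgi initializing twice). This added example (not the asker's code; User, FAKE_DIRECTORY and the two loader classes are constructed here) models a login in one worker and the next request in another, beside a loader that rebuilds the user from the directory and so does not depend on per-process state.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the entry flask-ldap3-login hands to save_user().
FAKE_DIRECTORY = {
    "CN=jdoe,OU=Users,DC=example,DC=com": {
        "memberOf": ["CN=WebUsers,OU=Groups,DC=example,DC=com",
                     "CN=Admins,OU=Groups,DC=example,DC=com"],
    },
}

def group_names(member_of):
    """'CN=WebUsers,OU=Groups,...' -> 'WebUsers' (the same split the question uses)."""
    return {entry.split(",")[0].split("=")[-1] for entry in member_of}

@dataclass
class User:
    dn: str
    groups: set = field(default_factory=set)

    def get_id(self):
        return self.dn  # the only thing Flask-Login stores in the session cookie

class DictBackedLoader:
    """Mirrors the question: save_user fills a dict, load_user reads it back."""
    def __init__(self):
        self.users = {}  # lives only inside this worker process

    def save_user(self, dn, data):
        self.users[dn] = User(dn, group_names(data["memberOf"]))
        return self.users[dn]

    def load_user(self, user_id):
        return self.users.get(user_id)  # None if this process never saw the login

class DirectoryBackedLoader:
    """Rebuilds the user from the directory on every request; no per-process state."""
    def save_user(self, dn, data):
        return User(dn, group_names(data["memberOf"]))

    def load_user(self, user_id):
        entry = FAKE_DIRECTORY.get(user_id)
        return None if entry is None else User(user_id, group_names(entry["memberOf"]))

def login_then_reload(loader_cls, dn):
    """Log in via one loader instance, then resolve the session id through a fresh one,
    the way a second FastCGI worker (with its own module state) would see the request."""
    session_user_id = loader_cls().save_user(dn, FAKE_DIRECTORY[dn]).get_id()
    return loader_cls().load_user(session_user_id)
```

With the dict-backed loader the second worker resolves the session id to None, which is exactly what makes Flask-Login treat the request as anonymous and call the unauthorized handler.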
