I am using IdentityServer application as an external provider. After redirecting from IdentityServer back to my application I am getting "500 unable to unprotect message state. Unknown location". But if I refresh page, I am signed in.
I added logs to requests and all cookies are passed in both requests. For me they look identical. But for some reason redirect doesn't work, but refresh request works