I’d reckon @Lukas is on the right track with his question -
I took a look at a problem that sounds similar to the issues you are describing - UI authentication problems (Cookie missing or bad) - #10 by ndejong
The thing to note is this -
A hint for us came when we noticed different source (internal) ip-addresses logged when users authenticated - it appears the gsad session is bound with the observed client IP address and when you have a load-balancer in front of
gsad
the internal client-address that connects can change which in turn then invalidates the auth session token.
Which boils down to - if the apparent client source address that Greenbone observes changes between subsequent requests then the auth-session is invalidated and thus logged out - the fix is to make sure the apparent client source address is consistent which can be achieved by setting the X-Real-IP
http-header
How you’d implement this is really up to you and your environment