This situation can arise when Hub is configured to run behind a reverse proxy server. The proxy server can interfere with the process that keeps users logged in.
When users log into Hub or a connected service, they are able to work with the applications for a relatively short period of time (an hour or so), but are then shown a message that they have been logged out and are redirected to the login page.
Users can sign in again without having to re-enter their username and password, but they must repeat this process on a regular basis throughout the day.
Hub uses a hidden inline frame to refresh authentication tokens. If you have set the value for the X-Frame-Options header to DENY for your reverse proxy server, users are logged out when their tokens expire.
All responses that contain static content from Hub set the value for the X-Frame-Options header to SAMEORIGIN. To preserve this value, configure your reverse proxy server to use the X-Frame-Options: SAMEORIGIN directive for all static content from Hub.
For more information, see X-Frame-Options.