diff --git a/server/auth-router.js b/server/auth-router.js
index 28a9384885..822080a6bc 100644
--- a/server/auth-router.js
+++ b/server/auth-router.js
@@ -166,7 +166,9 @@ module.exports = function authRouter(config = {}) {
 // Handle errors
 if (req.query.error && !silentAuth) {
 // Re-attempt login with the login form forced to display if unauthorized error happened
- if (req.query.error === 'unauthorized') {
+ if (req.query.error === 'unauthorized'
+ || req.query.error_description?.toLowerCase() === 'session too old, login required'
+ ) {
 req.query = {}; // Remove query params from previous auth attempt
 return passport.authenticate('auth0', {
 audience: config.auth0.apiAudience,
diff --git a/src/util/KvAuth0.js b/src/util/KvAuth0.js
index 7c010d9875..7b1bede14a 100644
--- a/src/util/KvAuth0.js
+++ b/src/util/KvAuth0.js
@@ -288,7 +288,10 @@ export default class KvAuth0 {
 this.webAuth.checkSession({}, (err, result) => {
 if (err) {
 this[setAuthData]();
- if (err.error === 'login_required' || err.error === 'unauthorized') {
+ if (err.error === 'login_required'
+ || err.error === 'unauthorized'
+ || err.error === 'access_denied'
+ ) {
 // User is not logged in, so continue without authentication
 this[noteLoggedOut]();
 resolve();
@@ -364,5 +367,5 @@ export const MockKvAuth0 = {
 checkSession: () => Promise.resolve({}),
 popupLogin: () => Promise.resolve({}),
 popupCallback: () => Promise.resolve({}),
- onError: () => {},
+ onError: () => { },
 };
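Review bot: In server/auth-router.js the new `req.query.error_description?.toLowerCase()` call assumes the parameter is a string, but the value comes straight from the request query. If the app uses Express's default (extended) query parser, a repeated or bracketed `error_description` arrives as an array or object; `?.` only guards null/undefined, so the call throws a TypeError inside the handler. Check the type first, e.g. `|| (typeof req.query.error_description === 'string' && req.query.error_description.toLowerCase() === 'session too old, login required')`. Matching on human-readable description text is also fragile if that text is ever reworded, so a short comment naming where the string is produced would help. The enclosing error-handling block continues past the end of the hunk.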
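Review bot: In src/util/KvAuth0.js the added `err.error === 'access_denied'` condition falls under the existing comment `// User is not logged in, so continue without authentication`, which no longer describes every case. `access_denied` is a generic authorization-server refusal and may also be returned when a tenant-side rule rejects a user who does have a session. As written, every such denial is resolved as logged-out and never reaches whatever handling follows for other errors, which is outside the hunk. Consider narrowing the match by the error's description, as the server-side hunk does. At minimum, update the comment to `// Not logged in, or Auth0 denied silent auth (e.g. session too old); continue unauthenticated` and log the denial so it stays visible in monitoring.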