
CSRF Token invalid error

This error is displayed on the login screen when the CSRF token expires, for example, if the user stays on the login screen for more than 12 hours.

The lifetime of the CSRF token defaults to 12 hours and cannot be configured.

As an example, security decisions (like risk scoring or device checks) are made at the time of login. If the login page is left open for hours, that context is outdated and unreliable when the user finally logs in.

This is a sensitive setting that balances usability and security.
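
The following is an added illustration of how a time-limited login CSRF token can be issued and checked; it is not the product's implementation. The signing key, session identifier, token layout and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_LIFETIME_SECONDS = 12 * 60 * 60  # the fixed 12-hour lifetime described above
SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment signing key


def _sign(session_id: str, issued_at: int, nonce: str) -> str:
    """HMAC over the session, issue time and nonce, so none can be altered."""
    msg = f"{session_id}|{issued_at}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[float] = None) -> str:
    """Called when the login page is rendered; the issue time is part of the token."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{issued_at}.{nonce}.{_sign(session_id, issued_at, nonce)}"


def check_token(token: str, session_id: str, now: Optional[float] = None) -> str:
    """Return 'ok', 'expired' or 'invalid' for a token submitted with the login form."""
    now = time.time() if now is None else now
    try:
        issued_str, nonce, mac = token.split(".")
        issued_at = int(issued_str)
    except ValueError:
        return "invalid"
    # Verify the MAC first: a rewritten timestamp must fail here, not pass as fresh.
    expected = _sign(session_id, issued_at, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"
    age = now - issued_at
    if age < 0:
        return "invalid"   # issue time lies in the future
    if age > TOKEN_LIFETIME_SECONDS:
        return "expired"   # login page was left open longer than the lifetime
    return "ok"
```
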