Are you using one of our SDKs, and if so which version?
With the later SDKs a user will be considered logged in if they have both an access_token / id_token present in the token store and both are still valid (have not expired).
What could be happening is your access_token session expire might be set longer than 1 hour, but the id_token will be set to 1 hour and can’t be changed. Depending on your Orgs
Sign On policy, a users Okta session lifetime could be set to less than the access or id token. So when the id or access token expires, the SDK tries to do an /authorize noprompt call. If the Okta session has already expired this will fail, and you will be logged out the of SPA app. To work around this a couple of solutions,
Set a longer Okta session lifetime in
Sign On policy
The better option would be to use a refresh token if not already. Using a refresh token does not reply on the Okta session cookie for your domain. Anytime either the id_token or the access_token is about to expire the refresh token will renew it. More info can be found here and here.
Hopefully one of the above will address the problem.