Random message.State is null or empty occurencces

We have the authentication/ authorization working well most of the time but we see this error frequently in our logs

We use 1 hour access token and refresh token to acquire new token.

OpenIdConnectAuthenticationHandler: message.State is null or empty.

 services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOktaMvc(new OktaMvcOptions
        {
            // Replace the Okta placeholders in appsettings.json with your Okta configuration.
            OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
            ClientId = Configuration.GetValue<string>("Okta:ClientId"),
            ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret"),
            AuthorizationServerId = Configuration.GetValue<string>("Okta:AuthorizationServerId"),

            Scope = new[] { "openid", "offline_access" },
            OnAuthenticationFailed = OnAuthenticationFailed,
            OnOktaApiFailure = OnOktaApiFailure
        });

What can cause this error? How can we eliminate this completely?

Interesting - Hard to know but maybe (seems unlikely) you can check to see if the state param is the same when returned from the authorization server as in the original request? Aside from that, I definitely recommend testing/comparing against one of our sample apps to see if you experience the same issue.