Currently we are having issue when users try to login into either SM or SMSP. Sometimes users get a "Invalid Token" error.
To minimize the occurense of this we have extend token validity to about a week but this is something you don't want in a production environment.
Currently the user needs to remove all cookies and hope that he/she can login again. But not all users are allowed to remove cookies due to policies.
We know there is an option for a ForcedAuth which makes SM or SMSP fetch a new token if the current one is invalid. Please provide a hotfix and implement the permanent solution in future releases