In docs, for Alfresco, said they need to add an exclusion for ressources path
In documentation,
Add an exclusion for the path /share/res should be done with noprotect.
If not done, in some case like using firefox, when he reopen archived tabs, he keep in memory all js and some interaction due to the call in js on an expired cookie make and infinit loop to the authentification portal.