- Bug
- Resolution: Unresolved
- Medium
- None
- Severity 3 - Minor
Issue Summary
Session details are not carried over from an authenticated tab to a non-authenticated tab if /step-up/ is added to the URL. This happens when an external user has to be verified by additional options such as OTP.
If the user has multiple tabs open, shuts down the machine and later resumes it, all the tabs come up with the /step-up/ part added to the URL.
If you then log in to one of the tabs and refresh the others, the refresh does not help: the other tabs keep asking for authentication.
Steps to Reproduce
- External user policy has OTP enabled.
- To speed up testing set the session timeout to 15 mins.
- User opens multiple Atlassian products/sites in different tabs.
- Shut down the machine and wait a few minutes; I waited for 15 mins.
- Once you boot the machine and open a browser, all the tabs default to adding /step-up/ to the URL.
- Log in to any one of the tabs.
- Now switch to the other tab and you still have to log in again. It will ask for your credentials.
- This has been tested across operating systems, on both Windows and Linux, along with various different browsers.
Expected Results
Once a user is logged in to one tab, the other tabs should check for the session details and not ask the user to log in again.
Actual Results
Users are forced to open a new tab and cannot resume from where they were in the UI.
Workaround
Remove the /step-up/ part from the URL of all the other tabs after any one tab is authenticated.