Within their network (only), after around 10 minutes, a call is done by McAffee to a local url having /mwg-internal to re-authenticate the user. The problem is that this call is done over HTTP and our website is built over HTTPS. Hence the call is stopped and the user is not re-authenticated. Meaning that every other JS call done behind the scene when browsing the website will get blocked.
The only way to keep going, is to open a new tab and browse another website (another domain), this will re-authenticate the user and we can then keep going with our application.
Most of the websites around the web are having "standard" html links and actions where the page is entirely reloaded and that seems to re-authenticate the user when comes time. But our website never refresh the page entirely.
It doesn't seems that their security team will fix that any time soon. Could you please explain how this authentication work and what kind of workaround we could use?