Provide better user feedback when their login session has expired

When logging in via the API Gateway users have 5 minutes to complete the login flow. When a user has to enable MFA, or is distracted, they may take longer than this.

Currently this results in a 500 error as the login session info has expired:

We should provide better feedback to the user in this case - inviting them to try again and informing them of why the problem has occurred.