Hi Jeff,
thanks a lot for your message.
I think the root case was the expiration of the OIDC session.
My IdP (Keycloak) was configured to issue 4h long tokens but OOD (thought the apache web server config) was configured to use a lower session duration.
To solve it, I replaced he default OIDC session values in the OOD apache config by the same values I had in Keycloak.
After that change, I (well, actually my users) never experienced this issue again.
Thanks a lot for your follow up message,
Daniel.