So if I understand what you've described here, when you log into Network Management you get one push, and then you can switch to Security Director without an additional Duo authentication request.
When you are logging back in after getting logged out, are you logging back into Network Management? Is it possible to log into Security Director directly, and if so are you protecting that with Duo as well?
The Duo Authentication Proxy's debug log can help you figure out if this is one authentication request with two second-factor pushes, or two separate authentications. We have a comprehensive guide to understanding the Authentication proxy debug output in our knowledge base. I suggest you enable debug logging and examine the logs to see what's happening.
For example, if in the debug log you see successful primary authentication followed by the Duo request twice, that may mean that your Juniper device isn't receiving the access accept packet in time. Perhaps there is a timeout setting in Juniper that you can increase.