Get Current Session API Server Side

Is it possible to call the Get Current Session API (/api/v1/sessions/me) from the server side? Every time I call it (C#) I get ‘404’ even if I have an Okta session.

If I call it using JavaScript, I get a response when I have an Okta session.

Is this API only meant to be called in the client? The client call doesn’t fit into our workflow.

Since your application domain would not match your Okta domain, the browser would not send the Okta cookie to your server, and unless you have the Okta session cookie value on the server side, this call cannot be made from the server; it will have to be made from the client side. On the client side, the browser will automatically pass the Okta cookie, which will be used by Okta to identify whether the session is valid or not and provide details about the user. What is the user workflow? You may have to look at an alternative way of getting session details or find a way to pass the info from client to server.


Thanks for the response. Just wanted confirmation that the server side call was not going to work. I have updated to use the client and it is working now.

What exactly did you do to make this work on the client side? Please let me know.

Thanks in advance.

Hi @kunal.parekh

Here’s an example to retrieve the current session via client side

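var baseUrl = 'https://yourOktaCompany.okta.com';
var xhr = new XMLHttpRequest();
// Only proceed if this browser's XMLHttpRequest supports credentialed CORS requests.
if ("withCredentials" in xhr) {
    // Fires on a network failure or when the browser blocks the cross-origin request.
    xhr.onerror = function() {
        alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    };
    // Fires for any HTTP response, including the error returned when no session exists.
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/sessions/me', true);
    // Send the Okta session cookie along with the cross-origin request.
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!");
}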

Hi @dragos,

Your code snippet works great from Chrome, but always returns error “E0000007”, no session found, when run in IE11. Is there something blocking IE11 from reading the session cookie? How can I get an existing session from IE11?

Hi @shutchinson

I’ve just checked the script on my end in Internet Explorer 11 and I did not encounter any issues.


Can you please check if you have an active session in Okta in IE11 when running the script and if the browser policies allow CORS?

The browser policies allow CORS, and I can authenticate and redirect just fine. Every test I have done in IE11 tells me that I don’t have an active Okta session though. This is perplexing because the same code works perfectly well in Chrome.

Is there some special way to set the Session in IE11? I am currently using the OktaSignIn widget for JS.

Since you mentioned that you’re using IE 11, can you also check the settings there to ensure the following:

  1. IE is set to allow third-party cookies, as Okta sets a session cookie, ‘sid,’ upon successful authentication
  2. Your Okta domain, such as https://{{org}}.okta.com, and, if you are using one, your Custom Domain are added as Trusted Sites in IE
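
The outcomes discussed in this thread (an active session, the 404/E0000007 "no session" response, and a request blocked by CORS) can be told apart explicitly. The following is an added example, not part of any post above; it uses `fetch` with `credentials: 'include'` in place of `XMLHttpRequest`, and the function names, the sample session and the `status`, `expiresAt` and `userId` fields it reads are assumptions to check against your own org's response.

```javascript
// Added example (not from the thread): classify the result of a browser call
// to GET {baseUrl}/api/v1/sessions/me. Names and sample data are constructed.
const SAMPLE_SESSION = JSON.stringify({            // constructed sample body
  id: 'SESSION_ID_PLACEHOLDER', userId: '00uCONSTRUCTED',
  status: 'ACTIVE', expiresAt: '2024-01-01T01:00:00.000Z' });

// Pure function: map an HTTP status and response body to an outcome.
function classifySessionResponse(status, bodyText, now = new Date()) {
  let body = null;
  try { body = JSON.parse(bodyText); } catch (e) { /* non-JSON body */ }

  if (status === 404) {
    // The thread reports 404 / E0000007 when no Okta session is found.
    return { state: 'no-session', errorCode: (body && body.errorCode) || null };
  }
  if (status !== 200 || body === null) {
    return { state: 'error', httpStatus: status };
  }
  // Assumed session fields: status, expiresAt, userId.
  const expires = new Date(body.expiresAt);
  if (body.status !== 'ACTIVE' || !(expires > now)) {
    return { state: 'inactive', sessionStatus: body.status || null };
  }
  return { state: 'active', userId: body.userId, expiresAt: body.expiresAt };
}

// Browser wrapper. credentials: 'include' is the fetch equivalent of
// xhr.withCredentials = true, so the Okta cookie travels with the request.
async function getCurrentSession(baseUrl, fetchImpl = fetch) {
  const url = new URL('/api/v1/sessions/me', baseUrl);
  if (url.protocol !== 'https:') throw new Error('Okta base URL must be https');
  let res;
  try {
    res = await fetchImpl(url.href, {
      credentials: 'include',
      headers: { Accept: 'application/json' },
    });
  } catch (e) {
    // fetch rejects on network failure or when CORS blocks the request,
    // e.g. this origin is not in the allowed list in the Okta admin UI.
    return { state: 'blocked' };
  }
  return classifySessionResponse(res.status, await res.text());
}
```

If the browser forwards this result to your own server, the server should treat it as untrusted client input rather than as proof of an Okta session.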