Here’s an example that retrieves the current session from the client side:
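// Fetch the current user's session from the browser with a credentialed
// cross-origin request and show the result.
// Replace the placeholder host with your own organization's base URL.
var baseUrl = 'https://yourOktaCompany.okta.com';
var xhr = new XMLHttpRequest();

// Feature-detect CORS support: only XMLHttpRequest Level 2 exposes withCredentials.
if ("withCredentials" in xhr) {
  // Fires on network failures and when the browser blocks the response because
  // the calling origin is not on the server's CORS allow-list.
  xhr.onerror = function() {
    alert('Invalid URL or Cross-Origin Request Blocked. You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
  };

  // onload also fires for HTTP error responses, so check the status before
  // presenting the body as a session. A non-2xx status presumably means there
  // is no active session for this browser; confirm against the API docs.
  xhr.onload = function() {
    if (this.status >= 200 && this.status < 300) {
      // NOTE(review): the body appears to describe the signed-in user's session.
      // alert() is for demonstration only; treat the data as sensitive and do
      // not log it or forward it to third parties.
      alert(this.responseText);
    } else {
      alert('Unable to retrieve the current session (HTTP ' + this.status + ')');
    }
  };

  xhr.open('GET', baseUrl + '/api/v1/sessions/me', true);

  // Send cookies with the cross-origin request so the server can identify the
  // caller's existing session. The browser only exposes the response if the
  // server explicitly allows this origin with credentials, so keep the
  // allow-list limited to origins you control.
  xhr.withCredentials = true;
  xhr.send();
} else {
  alert("CORS is not supported for this browser!");
}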