If a session has been started in a browser using the Okta sign-in widget, a session cookie has been set (using
session.setCookieAndRedirect()) and a session ID has been retrieved, if a server-side component then repeatedly uses the “Refresh session” REST API call to keep that session alive, how does this affect the Okta session cookie? Especially if the user does not interact with okta.com in the browser between the session being refreshed and the original expiry time.
Does the Okta session cookie given an expiry that is later than the session’s expiry, so that if the session is extended like this then the browser doesn’t prematurely delete the cookie? Or does the session get refreshed for the purposes of the REST API but not the browser? Or something else?