How the Okta session should be shared between applications (or Okta properties)

Business Use case -

The user should have a unified login experience as he navigates from one Okta property to another. That is, if the user is already authenticated in one of the applications and navigates to another application (a public website that can be accessed both as an anonymous user and as an authenticated user), then the user will be logged in through SSO if the user has an active Okta session.

Details :

IDP - Okta

Applications behind Okta -

Application1 (completely restricted). This application uses Okta SAML for authentication. This application has the login functionality and hosts the login page.

Application to be put behind Okta -

Application2. This application is a public website. We want to bring Application2 behind the same Okta IDP.

The entire website can be browsed by the user either as an anonymous user or as a logged-in user.

Use Case :

User comes to Application1
User logs in to Application1
User gets authenticated to Application1
User navigates to Application2
If the user's Okta session is active, then the user will be routed to Okta for single sign-on and, after seamless authentication, land on the website as a logged-in user
If the user's Okta session is not active, then the user will not be routed to Okta for single sign-on and will land on the website as an anonymous user

With the above business use case in place, I have two questions -

Once the user is authenticated by Okta, how can the Okta session state be transmitted between applications, so that the application can just look for that session state and, if the session state is active, route the request to Okta for single sign-on?

After the user completes primary authentication into Okta, Okta will set a session cookie on the Okta domain through which the user authenticated.

For example, if you have two applications that both use Okta as the IdP, when the user logs into the first application through the Okta domain, this session cookie will be set. When the user tries to access the second application through the same Okta domain, the existing Okta session will be used and the user will not be prompted to re-authenticate.

Note that because this is reliant on the cookies set on Okta’s own domain, these flows work best when your application uses the redirect model to log users in (e.g. if this is an OIDC app, the application redirects to the /authorize endpoint).
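
One way to apply the redirect model to the use case in the question, as an added example that is not part of the original posts: Application2 sends the browser to the /authorize endpoint with the standard OIDC `prompt=none` parameter, so Okta either signs the user in silently from its session cookie or returns an error without showing a login page. It assumes Application2 is registered as an OIDC app on the org authorization server; the domain, client ID, redirect URI and function names are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not values from the post).
OKTA_DOMAIN = "https://example.okta.com"
CLIENT_ID = "APPLICATION2_CLIENT_ID"
REDIRECT_URI = "https://app2.example.com/callback"
# OIDC errors meaning "cannot sign in without showing UI".
NO_SESSION_ERRORS = {"login_required", "interaction_required", "consent_required"}


def build_silent_authorize_url():
    """Return (url, pending); store `pending` in Application2's own session."""
    state = secrets.token_urlsafe(32)      # binds the callback to this browser
    nonce = secrets.token_urlsafe(32)      # must match the nonce claim in the ID token
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "prompt": "none",                  # never show the Okta login page
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    url = f"{OKTA_DOMAIN}/oauth2/v1/authorize?{urlencode(params)}"
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def handle_callback(callback_url, pending):
    """Classify Okta's redirect: authenticated, anonymous, error or reject."""
    query = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    returned_state = query.get("state", "").encode()
    if not secrets.compare_digest(returned_state, pending["state"].encode()):
        return "reject", None              # state mismatch: not our request
    if query.get("error") in NO_SESSION_ERRORS:
        return "anonymous", None           # no active Okta session
    if "error" in query:
        return "error", query["error"]
    if "code" in query:
        return "authenticated", query["code"]  # exchange with code_verifier next
    return "reject", None
```

Application2 treats the user as logged in only after exchanging the code at the token endpoint and validating the ID token, including the stored nonce; an "anonymous" result simply renders the public page.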