We are upgrading to OIE from Okta Classic. By following the documentation here Understand how sessions work after the upgrade | Okta Developer, we learned that /api/v1/sessions/${sessionId} - GET would be deprecated in OIE and also the alternative is sessions/me. However, when I did a quick POC with calling sessions/me endpoint, it extends my session each time I’m calling it with our Prod Org. It does not extend session with our Preview Org.
Our business scenario is that we want to alert end user when its session gets close to expire
My questions are:
How are we supposed to get current session info?
What would be the alternative OKTA API to be called in OIE to get session info?
Hey @Patrick.Ding, what you have discovered is a known issue Okta Help Center (Lightning). Without GET /api/v1/sessions/${sessionId} looks like there wouldn’t be another way to get current session info . As your use case is a good example of how devs utilize this endpoint, I recommend posting on our Ideas Page to make this known to our Product Team.
Thanks for the response. Any idea why my Preview Org behaves differently than Prod Org with exactly same endpoint? If there is no such alternative API to be called, are you saying as Okta clients we are not able to know the session timeout in any means with OIE? Just want to understand a bit more.
My team is looking to do the exact thing listed here for a session timer capability/extending session prompt to check current session details with sessions/me in OIE and use sessions/me/lifecycle/refresh, but sessions/me isn’t useful to us if it extends the session with every call.
Patrick what did you end up doing here? I see there was an idea out there with this request, but it was closed and not accepted by the product team.
Also, the Okta known issue page for this is a little contradictory on this. Page states that sessions/me extending the session is more or less by design, but then at the end of the solution it says this is the correct behavior for everything but the sessions/me endpoint? That’s not really a solution for anyone.
For security we need to be able to check whether a current session is still active or about to expire. I don’t want to extend it for an idle user that may have stepped away from an unlocked computer. And for accessibility we need to prompt the user that their idle session is about to time out to allow them to extend the session.
get sessions/{sessionId} endpoint isn’t an alternative to use in Okta Identity Engine, so we have no alternatives from my understanding.
@dsievers have you tried to get current session through Okta’s SDKs? It seems to me Okta SDK would be able to get current session info without extending it. We use Okta .Net SDK.
@Patrick.Ding thank you for your reply! I think we have a path forward continuing to use sessions/me, just in a different way. I’ll keep the SDKs in mind that it can get current session details without extending.
. As your use case is a good example of how devs utilize this endpoint, I recommend posting on our