SSO is based off of the Okta session which will be tied you the domain you used to authenticate into Okta. Either the Okta domain URL or a custom domain URL if your Org has that setup.
For SSO where your app authorizes into Okta it doesn’t matter if they share the same parent domain or if one is a child of another, it is session tied to the Okta domain that matters.
Setting up a custom domain in Okta and having your applications as sibling domains or child domains of that custom domain has advantages when using the Okta sessions API to check for an existing Okta session. In this scenario you don’t need to be worried if a browser has 3rd party cookies enabled or not for the Sessions API to function.
As far as sharing tokens between applications this is not a recommended setup. Each application should acquire it’s own set of tokens.