Session object expiresAt updates on HTTP GET

scopecreep · August 14, 2020, 9:59pm

Hello-
I understand from your documentation that /sessions/me should get the session and /sessions/me/lifecycle/refresh should update the session, therefore extending the expiresAt property.

Please see the below expected and actual results I am seeing when GET is called on /sessions/me two or more times. Thanks in advance.

Expected Result:
Given I have an active session
And I make a HTTP GET request to /api/v1/sessions/me
And I receive a session object including an expiresAt value
When I make a second HTTP GET request to /api/v1/sessions/me
Then I receive a session object including an expiresAt value equal to my first expiresAt value

Actual Result
Given I have an active session
And I make a HTTP GET request to /api/v1/sessions/me
And I receive a session object including an expiresAt value
When I make a second HTTP GET request to /api/v1/sessions/me
Then I receive a session object including an updated expiresAt value

vijet · August 15, 2020, 7:05pm

Hi @scopecreep,

This is by design. Here’s the explanation - https://support.okta.com/help/s/article/GET-Current-Session-extending-the-user-s-session?language=en_US

scopecreep · August 16, 2020, 4:29pm

Thank you. I will get the session using the session id. @vijet

system · April 25, 2022, 4:45pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.