Session object expiresAt updates on HTTP GET

Hello-
I understand from your documentation that /sessions/me should get the session and /sessions/me/lifecycle/refresh should update the session, therefore extending the expiresAt property.

Please see the below expected and actual results I am seeing when GET is called on /sessions/me two or more times. Thanks in advance.

Expected Result:
Given I have an active session
And I make a HTTP GET request to /api/v1/sessions/me
And I receive a session object including an expiresAt value
When I make a second HTTP GET request to /api/v1/sessions/me
Then I receive a session object including an expiresAt value equal to my first expiresAt value

Actual Result
Given I have an active session
And I make a HTTP GET request to /api/v1/sessions/me
And I receive a session object including an expiresAt value
When I make a second HTTP GET request to /api/v1/sessions/me
Then I receive a session object including an updated expiresAt value

Hi @scopecreep,

This is by design. Here’s the explanation - https://support.okta.com/help/s/article/GET-Current-Session-extending-the-user-s-session?language=en_US

1 Like

Thank you. I will get the session using the session id. @vijet

1 Like