We are building a app with an embedded webview (browser under the covers)
We submit a username and password to the authn endpoint to get back a sessionToken.
We pass that session token to a few different embed links (which are saml2 endpoints)
However, we’ve started using different user name and passwords on a few and now
the sites that don’t share credentials no longer work after you’ve visited the first ones
Specifically, we are denied access to sites after the first site because the authentication mechanism
is ignoring our session token and looking at the data from the previous sites which have various Okta cookies like DT and sid and sessiontoken.
While we can clear our cookies prior to each request, we lose the benefit of the cached items like images, html etc.
Is there a configuration so the queryparam sessiontoken is examined first prior to cookies sent with the request. ?