sessionToken is ignored if Okta cookies are present

We are building an app with an embedded webview (browser under the covers).

We submit a username and password to the authn endpoint to get back a sessionToken.

We pass that session token to a few different embed links (which are saml2 endpoints).
However, we’ve started using different usernames and passwords on a few, and now
the sites that don’t share credentials no longer work after you’ve visited the first ones.

Specifically, we are denied access to sites after the first site because the authentication mechanism
is ignoring our session token and looking at the data from the previous sites which have various Okta cookies like DT and sid and sessiontoken.

While we can clear our cookies prior to each request, we lose the benefit of the cached items like images, html etc.

Is there a configuration so the queryparam sessiontoken is examined first, prior to cookies sent with the request?

Hi @Sorbitol

The sessionToken can be used only once, and only within the first 5 minutes after it was created, to establish a valid connection in the browser window/webview.

The best solution would be to establish the connection to Okta behind the scenes and then use session refresh to refresh the session in Okta while the user is active inside the application. During this time, the user will be able to successfully access any SAML applications by visiting the embed URL.
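
A sketch of the pattern described in the reply above, as an added example that is not code from the thread or from Okta: spend the one-time sessionToken once to establish the session, load later embed links without a token, and refresh the session while the user is active. The class name, the org URL and the embed links are hypothetical; the `/login/sessionCookieRedirect` and `/api/v1/sessions/me/lifecycle/refresh` paths are Okta API endpoints that the thread itself does not name.

```javascript
// Added example, not Okta's or the poster's code. Org URL and embed links are
// placeholders supplied by the caller.
const TOKEN_TTL_MS = 5 * 60 * 1000; // the 5-minute window stated in the reply

class OktaWebviewSession {
  constructor(orgUrl, now = Date.now) {
    this.orgUrl = orgUrl.replace(/\/+$/, '');
    this.now = now;           // injectable clock so expiry can be tested
    this.token = null;        // { value, issuedAt }
    this.established = false; // true once the token has been spent
  }

  // Call with the sessionToken returned by POST /api/v1/authn.
  setToken(value) {
    this.token = { value, issuedAt: this.now() };
  }

  // URL the webview should load in order to reach embedUrl.
  urlFor(embedUrl) {
    if (this.established) return embedUrl; // session cookies carry the login
    const t = this.token;
    this.token = null; // single use: never hand the same token out twice
    if (!t || this.now() - t.issuedAt >= TOKEN_TTL_MS) {
      throw new Error('no usable sessionToken: call authn again');
    }
    this.established = true;
    const q = new URLSearchParams({ token: t.value, redirectUrl: embedUrl });
    return `${this.orgUrl}/login/sessionCookieRedirect?${q}`;
  }

  // Arguments for fetch() that extend the session while the user is active.
  refreshRequest() {
    return [`${this.orgUrl}/api/v1/sessions/me/lifecycle/refresh`,
            { method: 'POST', credentials: 'include' }];
  }

  // Call when the session ends (sign-out, or the refresh call fails).
  reset() {
    this.established = false;
    this.token = null;
  }
}
```

Call `fetch(...session.refreshRequest())` on user activity rather than on a blind timer, so an idle webview still lets the Okta session expire.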