Hi @Lonli-Lokli! Yes, a refresh token is not required when creating a cookie as they are independent of each other - see similar discussions here - How will session expire time and refresh token lifetime work together? - #2 by andrea. Specifically, if a user’s session expires they will still have access to the application with the refresh token option enabled, so be sure to revoke the user’s tokens on logout.
sigama
4
Related topics
| Post | Replies | Views | Activity | |
|---|---|---|---|---|
| Difference between session.setCookieAndRedirect() and signInWithRedirect() | 7 | 6178 | May 20, 2021 | |
| How to get session cookie | 6 | 9376 | April 22, 2022 | |
| Clearing Okta session SID cookie from the browser | 12 | 5729 | November 4, 2022 | |
| Okta SignIn Widget and Refresh Tokens | 18 | 7643 | September 29, 2020 | |
| What are the sid, jsessionid and srefresh cookies for? | 1 | 2426 | March 4, 2024 |