SP initiated SSO + Session cookie

Hi!
I am building an SP initiated Single sign On and I am able to Log in.
The problem is that I have to control the session of my custom application at my side (because I am using a custom app with a custom login page).
I did not have access to “sid” cookie, because it stays only in okta domain, how can I control the session in my website?
I know that I can create a session with session API and send to my website the cookie generated with “sid” value, but in that case I don’t have a SSO with Okta and other apps.
Am I missing something?

I really appreciate any help, I am stuck on this for days.
Thanks in advance!

As long as the other application does not block third party cookies (since the okta session cookie will ONLY exist on the Okta domain), it can check if the Okta session exists by making a CORS request to the sessions endpoint.

However, your application should NOT be relying on the Okta session cookie to manage your user’s sessions. If you haven’t already, I recommend looking into OpenID Connect and how tokens issued to your applications/user can be used to manage user session. Your OIDC apps can then support SSO (based again on the Okta session cookie), while managing their own sessions on their own domains.

Hello Andrea,
thanks for the answer!
I am able to access Okta session making a request to the sessions endpoint, but this call only works on front-end, I have a requirement to manage login and sessions on java back-end, but back-end always return a session not found doing the same request that is working on front-end.
That’s why I am trying to find a way to read the “sid” cookie and set on my application domain, because having a session id I am able to retrieve session data and control access to my website using java with this endpoint: Sessions | Okta Developer

Maybe OIDC works better, but we are using SAML because of the client architecture that already use SAML in another applications.

In this case, is that some another way that I can read the Okta sid value to control my website access via back-end?

Thank you once more!