I am using open id connect and okta-auth-js lib for session creation and getting session token, authorize etc. The application is for internal as well as external users. For internal user when I open http://logon.okta.com/ in one tab and open my application in another tab of the chrome browser then in clientside code on calling session.exists() which uses (https://logon.okta.com/api/v1/sessions/me) returns as true. But when I don’t open the http://logon.okta.com/ in one browser and open my application session.exists() returns false. The IWA is enabled in okta so why this is happening?
Are you saying that the Okta session cookie is found in the same browser in another tab but does not work across/in different browsers? How does your application use the session cookie? Are users being prompted to login at all when they go to your application directly?
In order for sessions.exists to return as true, the Okta session cookie ‘sid’ must be present at the Okta domain to indicate that the user has already authenticated with Okta. It sounds like in the second scenario, the Okta session cookie has not yet been created because user has not yet been authenticated with Okta.