persistent cookie Skip to main content
https://support.okta.com/help/answers?id=9062a000000qublqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Akshay GulatiAkshay Gulati 

persistent cookie

Hi Wanted to know about persistent cookie for remember me features and how can the same be implemented in Okta?
Chris HancockChris Hancock (Okta, Inc.)
Hi Akshay, 

When you have sign on policies or per app sign on policies that challenge for MultiFactor Authentication on a per session or per device policy you will need to utilise the deviceToken context object for each authentication request. 

We document its use on our developer site here:
https://developer.okta.com/docs/api/resources/authn.html#context-object 

"You must always pass the same deviceToken for a user’s device with every authentication request for per-device or per-session Sign-On Policy factor challenges. If the deviceToken is absent or does not match the previous deviceToken, the user will be challenged every-time instead of per-device or per-session."

Additionally, You will also need to provide an option for users to choose whether they would like to remember their device, during the MFA verification. This option should then send this as a request parameter. 
i.e.  /api/v1/authn/factors/:fid/verify?rememberDevice=true

We also document this component on our developer site. 
https://developer.okta.com/docs/api/resources/authn.html#verify-factor

"If the sign-on (or app sign-on) policy allows remembering the device, then the end user should be prompted to choose whether the current device should be remembered. This helps reduce the number of times the user is prompted for MFA on the current device. The user’s choice should be passed to Okta using the request parameter rememberDevice to the verify endpoint. The default value of rememberDevice parameter is false."

Hope the above information is helpful, if you encounter issues implementing the above please feel free to log a support ticket and we will be able to provide more comprehensive guidance. 

Thank You,
Chris Hancock