How to override the existing session cookie with a new sessionToken Skip to main content
https://support.okta.com/help/answers?id=9062a000000quqrqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Xiao XiaoXiao Xiao 

How to override the existing session cookie with a new sessionToken

Hi,
We want to have update the session cookie in the browser once we want to do oidc flow with a new sessionToken.
Currently we just logout the current session and then rediect to authorize enpoint.
Is there any better way to do it implicitly?

Regards,
Xiao

All Answers

Thomas KirkThomas Kirk (Okta, Inc.)
Xiao,

If the user still has a valid session at Okta, you can simply make an additional authorize call without a sessionToken. If the authorize call fails because the session is invalid, you could prompt for auth in your app to get another sessionToken to pass in another authorize call.
Xiao XiaoXiao Xiao
Hi Thomas,
Thanks for your reply. The scenario is a user wants to login and authorize with the new session token, while there is already another session existing that logging in by another user. Is there a way we can override that session cookie
without we logout the previous session and then authorize with the new session token
Thomas KirkThomas Kirk (Okta, Inc.)
The /authorize api ignores the sessionToken unless there isn't a valid session. If there is a valid session, it will returned behave on behalf of the already logged in user. 

You will need to invalidate the session and then re-authorize with the new sessionToken. 
Xiao XiaoXiao Xiao
OK, Is there a best practice to invalidate okta session exclude oktasignwidget.signout()?