<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Okta Access Gateway: Application Getting CORS Error After Session Expiration

Access Gateway
Okta Classic Engine

Overview

When an Okta Access Gateway (OAG) session expires, applications encounter a Cross-Origin Resource Sharing (CORS) error upon form submission because JavaScript fails to send the API redirect link to the browser. Resolve this issue by increasing the session timeout, using the browser session expiration setting, or applying the Extend AJAX session policy. The observable symptom is a CORS error appearing when a form is submitted following an expired OAG session, which prevents the login flow from initiating.

Applies To

  • Okta Access Gateway (OAG)
  • Okta Identity Engine (OIE)
  • Okta Classic Engine

Cause

This issue occurs because of how JavaScript handles the page refresh. JavaScript performs an API call and receives a redirect link after expiration but is not designed to send the link to the browser. The request then fails with a CORS error. Because the browser does not receive the redirect link, Okta does not initiate the login flow.

Solution

How is the CORS error resolved after an Okta Access Gateway session expires?

Implement one of the following workarounds to adjust the session configuration and resolve the CORS error.

  • Increase the session timeout or use the browser session expiration setting for the application.
  • Use the Extend AJAX session policy in the OAG application.
Loading
Okta Support - Okta Access Gateway: Application Getting CORS Error After Session Expiration