This article explains how to invalidate a session in Okta Identity Engine (OIE) using Application Programming Interface (API) calls. It addresses the procedural changes required when managing session lifecycles in OIE compared to the Okta Classic Engine.
- Sessions
- Okta Identity Engine (OIE)
- Application programming interface (API)
Sessions in OIE function based on the idx cookie rather than the Session ID (sid) used in Okta Classic Engine. Consequently, API calls requiring a Session ID to manage lifecycles are not compatible with OIE sessions. This includes the call to invalidate an existing session, which was performed in Okta Classic using the following API call: DELETE {url}/api/v1/sessions/{sid}.
To invalidate an OIE session, perform the following steps:
- Retrieve the idx cookie from the target session.
- Open the Developer Tools in the browser.
- Select the Application tab.
- Under Cookies, select the tenant's URL.
- Select idx and copy the value.
- Prepare the following API call:
DELETE {url}/api/v1/sessions/me
- Add a new header with these properties:
- Key: Cookie
- Value: idx={<idx>}, where <idx> represents the value copied in step 5.
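
The steps above as a script (an added example, not code from the original article or from Okta). It assumes the braces in idx={<idx>} are placeholder notation, so the header sent is Cookie: idx=<value>; the function names are hypothetical, and the cookie is read without echo so it stays out of shell history.

```python
import urllib.error
import urllib.parse
import urllib.request


def build_invalidate_request(org_url, idx_value):
    """Build DELETE {url}/api/v1/sessions/me carrying the idx cookie."""
    parts = urllib.parse.urlsplit(org_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("org URL must be https://<tenant host>")
    idx = idx_value.strip()
    if idx.startswith("idx="):  # tolerate a pasted "idx=<value>" pair
        idx = idx[4:]
    # Whitespace, ';', ',' or quotes would corrupt or split the Cookie header.
    if not idx or any(c in idx for c in ' ;,\r\n\t"'):
        raise ValueError("idx value is empty or not a valid cookie value")
    # Keep only scheme and host, so a pasted path or query is dropped.
    url = f"https://{parts.netloc}/api/v1/sessions/me"
    return urllib.request.Request(
        url, method="DELETE", headers={"Cookie": f"idx={idx}"}
    )


def invalidate_session(org_url, idx_value, opener=urllib.request.urlopen):
    """Send the request and return the HTTP status code (cookie is never printed)."""
    req = build_invalidate_request(org_url, idx_value)
    try:
        with opener(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # non-2xx: report the status instead of raising


if __name__ == "__main__":
    import getpass
    import sys

    # Usage: python invalidate_idx.py https://<tenant host>
    cookie = getpass.getpass("idx cookie value: ")
    print("HTTP", invalidate_session(sys.argv[1], cookie))
```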
