I’m playing around with Jwts and have it working. I had a couple questions:
When /session-to-cookie is called, is there a reason that the ss-id, ss-pid, and ss-opt cookies remain? Shouldn’t ss-tok be the only one that is needed?
Is there a way within my service layer to always perform the equivalent of /session-to-cookie, instead of relying on the UI to do it? (use case - user logs in with Credentials Auth or Okta, but we always want to use Jwts).