...

Session sharing between Backoffice and Portal

The session (the JSESSIONID cookie) is shared between Portal and Backoffice. This means that logging into one connects to the other. And disconnecting from one, disconnects from the other. Note that when a user disconnects from Portal, he is automatically reconnected to the "Portal" application.

Compatibility

There is no change to make in the way the services are called (signin, token refresh, signout). The cookieauth parameter is always used to switch to cookie mode (instead of bearer). However, the sessionauth parameter is no longer supported.

The session/JSESSIONID mode is enabled by default. The operation is imposed on all callers, but it is necessary for them to maintain the JSESSIONID cookie to operate in session mode (including if authenticated by bearer), otherwise there will always be a connection (with execution of the surferservices) at each invocation.

The other old modes are still supported.

Compatibility

…

Portal development in localhost

…Because the JSESSIONID is in strict SameSite, the Portal development done on the localhost domain requires a special setup.

Old cookies maintained by browsers

…Normally, the server handles old cookies that may (especially x-wedia-api-token) interfere with the new system. There may be special unmanaged cases that require cleaning up the cookies in the browser.

Dataview personification

In the concern of giving to our users more flexibility about what they are seeing in the dataview, it’s now possible to show/hide all the i18n field from the dataview. A new button “Translations” is now displayed when i18n fields are present in the dataview. This is totally independant from the security and it’s working on what is already displayed.

...