Local development with REST API sessionfull mode

As of 2021.4.0, portal will be using a J2EE session through RESTAPI.

Whereas this doesn’t impact anything on the portal application, you might encounter issues if you are developing on portal from localhost

Reason is that the JSESSIONID cookie is sent directly by tomcat with an empty SameSite attribute that is resolved to “Lax” by the browser (at least by Chrome).

Unfortunately, it is not possible with the tomcat used by the Ubuntu version of the servers we are using to force a value for the SameSite attribute.

Here is a workaround that allows you to do localhost development on a distant server:

We will leverage on the default value that the browser will apply to the SameSite attribute (Lax as of now). What we need to do is to access our localhost website and making it recognized as a subdomain of our Wedia server. Assuming our server is dev-club-wed.wedia-group.com

1. In your hosts file, create a new entry as a subdomain of the server you are using eg:
   127.0.0.1 localhost.dev-club-wed.wedia-group.com # if your server is dev-club-wed.wedia-group.com

2. In chrome, disable the flag Schemeful Same-Site:
   NOTE: You can skip this step if you run the portal over HTTPS on your machine. You just need to add https: true in the devServer section of the vue.config.js

   1. on chrome, navigate to chrome://flags

   2. search for Schemeful Same-Site and switch it to Disabled

3. On your server, duplicate the localhost:9000 CORS rule, and change it tou your domain eg: localhost.dev-club-wed.wedia-group.com

4. Run your portal application npm run serve; then instead of accessing it through localhost:9000, access localhost.dev-club-wed.wedia-group.com:9000

You should be able to access the portal