Today we ran into a “small” issue with HCL Docs editor. The editor opened but as soon as I tried to change anything I got a strange error popup. A 1 minute timeout expired and I should login again…
Create a new blog post in Chrome and it shows a nice message:
This message appeared only in Chrome 91. Firefox 89 just worked.
Checking the browser’s console and network log showed that a request to /docs/api/docsvr/lcfiles/7f45a827-647c-4565-a758-d205828a7567/edit/hb?save=false produced a http error 403.
The developer tools also revealed the problem. The JSESSIONID cookie had the SameSite set to None but has been missing the Secure flag.
Verifying the IBM technotes SameSite Cookie Handling and PH22157.
After adjusting and verifying all possible settings for SameSite and adding the Secure flag to all the Session Cookies, HCL Docs is working in Chrome again.