Cookie rules
Cookie rules define handling rules for cookies that we use in the context of an outbound HTTP connection.
Cookies are set by the remote server using the Set-Cookie: response header setting. The cookie rules determine the handling of a created cookie. The cookie rule defines how this cookie is treated. Cookie rule definitions are owned by policy rules. Each policy rule defines individually how to handle cookies set in outbound HTTP connections.
A Cookie Rule contains the following settings:
- cookie names
- Specify a set of wildcard expressions containing names or name patterns of cookies. For example, the cookie rule with the name LtpaToken* applies to both LtpaToken and LtpaToken2. A cookie rule is owned by a proxy rule. Therefore, a cookie rule is applied if both of the following conditions apply:
- The owning proxy rule is applied.
- The cookie name matches with the wildcard expression.
- cookie handling
- Define how the outbound HTTP connection service handles remote cookies. The outbound HTTP connection service can handle cookies in the following ways:
- block
- Default value. Cookies defined as blocked cookies are filtered out: They are not returned in the response header of the outbound HTTP connection.
- store in session
- Cookies are stored in a cookie store placed in the local HTTP session.
- store in request
- Cookies are stored in a cookie store placed in the local HTTP request.
- passthru
- Cookies of the handling type passthru are copied into the response header of the connection of the Ajax proxy. The domain and cookie path of the cookie that is passed through are converted to the domain and path of the Ajax proxy servlet. The handling type passthru takes effect only if the outbound connection is established through the Ajax proxy.
- wrap
- For cookies of the handling type passthru, they can conflict with local cookies, for example LtpaToken, LtpaToken2, or JSESSIONID cookies. In this case, use the handling type wrap. Cookies of handling type wrap are handled like cookies in passthru mode, but additionally, the cookie name is transformed.
- cookie scope
- Owner of this cookie. A cookie can be associated with the following scopes:
- user
- The cookie is scoped to the current user.
- application
- The cookie is scoped to the application that calls the outbound HTTP connection service.
- system
- The cookie is not scoped at all.
- cookie transformations
- Defines a programming interface. Application developers can use it to implement a custom cookie transformation handler. The custom extension code is called at the following two occasions:
- Before the remote HTTP connection writes the request header to the remote connection
- When the response header of the remote HTTP connection is evaluated.
The custom transformation handler can modify the name, value, domain, and path of the cookie.
Parent Configuration structureRelated tasks:
Use custom cookie transformation handlers