+

Search Tips   |   Advanced Search

Cookie rules

Cookie rules define handling rules for cookies that we use in the context of an outbound HTTP connection.

Cookies are set by the remote server using the Set-Cookie: response header setting. The cookie rules determine the handling of a created cookie. The cookie rule defines how this cookie is treated. Cookie rule definitions are owned by policy rules. Each policy rule defines individually how to handle cookies set in outbound HTTP connections.

A Cookie Rule contains the following settings:

    cookie names
    Specify a set of wildcard expressions containing names or name patterns of cookies. For example, the cookie rule with the name LtpaToken* applies to both LtpaToken and LtpaToken2. A cookie rule is owned by a proxy rule. Therefore, a cookie rule is applied if both of the following conditions apply:

    • The owning proxy rule is applied.

    • The cookie name matches with the wildcard expression.

    cookie handling
    Define how the outbound HTTP connection service handles remote cookies. The outbound HTTP connection service can handle cookies in the following ways:

      block
      Default value. Cookies defined as blocked cookies are filtered out: They are not returned in the response header of the outbound HTTP connection.

      store in session
      Cookies are stored in a cookie store placed in the local HTTP session.

      store in request
      Cookies are stored in a cookie store placed in the local HTTP request.

      passthru
      Cookies of the handling type passthru are copied into the response header of the connection of the Ajax proxy. The domain and cookie path of the cookie that is passed through are converted to the domain and path of the Ajax proxy servlet. The handling type passthru takes effect only if the outbound connection is established through the Ajax proxy.

      wrap
      If we use cookies of the handling type passthru, they can conflict with local cookies, for example LtpaToken, LtpaToken2, or JSESSIONID cookies. In this case, use the handling type wrap. Cookies of handling type wrap are handled like cookies in passthru mode, but additionally, the cookie name is transformed.

    cookie scope
    Owner of this cookie. A cookie can be associated with the following scopes:

      user
      The cookie is scoped to the current user.

      application
      The cookie is scoped to the application that calls the outbound HTTP connection service.

      system
      The cookie is not scoped at all.

    cookie transformations
    This setting defines a programming interface. Application developers can use it to implement a custom cookie transformation handler. The custom extension code is called at the following two occasions:

    1. Before the remote HTTP connection writes the request header to the remote connection
    2. When the response header of the remote HTTP connection is evaluated.

    The custom transformation handler can modify the name, value, domain, and path of the cookie.


Parent Configuration structure

Related tasks:

Use custom cookie transformation handlers