CA API Gateway 9.1

9.4 9.1

Manage Cookie Assertion

The Manage Cookie assertion is used to manipulate the cookies in a policy. This assertion is designed specifically for cookie configuration and provides more flexibility than the basic cookie handling capabilities offered in the Manage Transport Properties/Headers or the Route via HTTP(S) assertions.
gateway83
The
Manage Cookie
 assertion is used to manipulate the cookies in a policy. This assertion is designed specifically for cookie configuration and provides more flexibility than the basic cookie handling capabilities offered in the Manage Transport Properties/Headers or the Route via HTTP(S) assertions.
This assertion supports the original Netscape cookie specifications (http://curl.haxx.se/rfc/cookie_spec.html), as well as RFC 2109 (http://tools.ietf.org/html/rfc2109).
To learn about selecting the target message for this assertion, see Selecting a Target Message.
The Gateway may rewrite cookie attributes in order to track cookies origins or to ensure that the cookies will be sent back to the Gateway in subsequent requests. It is recommended that this automatic rewriting be maintained, but advanced users may disable the rewriting for troubleshooting purposes by setting the following context variables to 'false':
${response.cookie.overwritePath}
 and
${response.cookie.overwriteDomain}
.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the Cookie Properties automatically appear; when modifying the assertion, right-click the assertion
    in the policy window (the name differs according to the assertion configuration) and select
    Cookie Properties
     or double-click the assertion in the policy window. The assertion properties are displayed. 
  3. Select a task to perform:
    To...
    Do this...
    Add a new cookie
    1. Choose the appropriate add operation: 
      • Add:
         Add a new cookie. Note: The assertion will fail if the cookie already exists.
      • Add or Replace:
         Add a new cookie, replacing any existing cook with the same name, domain, and path.
    2. Enter as many attributes about the cookie as necessary. You may reference context variables in any of the attribute fields.
      • Name
         and
        Value
         are required at a minimum.
      • Version:
         Enter a value that specifies to which version the state management specification the cookie conforms.
      • Domain:
         Enter a value that specifies the domain for which the cookie is valid. Domains that are explicitly specified must always begin with a period.
      • Path:
         Enter a value that specifies the subset of URLs to which this cookie applies.
      • Max Age:
         Enter the lifetime of the cookie, in seconds. When the Max Age is reached, the cookie is discarded by the client. A value of "
        0
        " (zero) indicates that the cookie will be discarded immediately, effectively ending the session.
        (1) The agent may not retain the cookie for the specified duration; the cookie may be evicted due to memory pressure or privacy concerns. (2) Some agents do not support the Max Age attribute and will ignore it.
      •  
        Expires:
         Use the calendar control to choose an expiration date for the cookie.
        (1) If you choose an invalid date (for example, a date in the past), the date is highlighted in red but you will still be able to close the dialog box. (2) If you manually change the date, be sure to update the day of the week as well, otherwise the date will be flagged as erroneous.
      • Comment:
         Use this field to document the intended use of the cookie.
       
    3. Optionally select these attributes:
      • Secure:
         The cookie can only be used in secure/encrypted connections.
      • HttpOnly:
         The cookie is not exposed through channels other than HTTP or HTTPS requests. These cookies are not accessible via non-HTTP methods, such as calls via JavaScript.
    Remove cookies
     
    1. Choose the
      Remove
       operation.
    2. Under "Match by", enter one or more attributes to locate the cookie(s) you wish to remove. You may also a specify context variable or regular expression to delete several cookies at once. If regular expression is entered, select the
      regular expression
       check box.
    Update the attributes of existing cookies
    1. Choose the
      Update
       operation.
    2. Clear the
      original value
       check box for any attribute that you wish to update, then enter the updated value in the adjacent text box. As with adding, you may reference context variables.
      The "original value" check boxes mean to leave the original value of the attribute unchanged.
    3. Under "Match by", specify one or more attributes to locate the cookie(s) you wish to update. You may also specify a context variable or regular expression to update multiple cookies at once. If a regular expression is entered, select the
      regular expression
       check box.
  4. Click [
    OK
    ]
     
    when done. 

Content feedback and comments