CookieRewrite

Use the CookieRewrite policy to modify the path and/or domain string in a cookie set on the response.

If the policy is placed in the response flow, the cookie is flagged as secure.

Examples

Example 1:

In this example, the path of the cookie is replaced by a path built using the tenant ID and product name.

<cookieRewrite
        xmlns="http://www.infor.com/ion/api"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        name="cookieRewrite-example" displayName="cookieRewrite-example" enabled="true" version="1.0" >
        <cookieName>sessionId</cookieName> 
        <path>/{context.mcc.Tenant.Id}/{context.mcc.Context}</path>
</cookieRewrite>

In the example above, reference is made to a variable in the context object. The context object is a shared dictionary of information that can be accessed from the policies.

Example 2:

In this example, the domain of the cookie is replaced by a string built using the tenant ID.

<cookieRewrite name="cookieRewrite-example" displayName="cookieRewrite-example" enabled="true" >
        <cookieName>sessionId</cookieName>
        <domain>/{context.mcc.Context}</domain>
</cookieRewrite>

In the previous two examples, the path and domain are overwritten with a string literal. A smarter way of modifying a cookie is achieved through a set of rules as shown in the next example.

Example 3:

This example shows the use of two rules:

  • Replace the beginning of the root up to the version (v1.0) with /ACME_PRD/BI/
  • Add /extra_path/ to the end of the path

For example:

/mycompany/mobile/v1.0/Best_Practices_Templates -> /ACME_PRD/BI/api/mobile/Best_Practices_Templates/extra_path

<cookieRewrite name="cookieRewrite-example" displayName="cookieRewrite-example" enabled="true" >
    <cookieName>sessionId</cookieName>
    <rewriteRules on="path">
        <rule>       
            <pattern>\/.*\/v1.0\/</pattern>                      <!--Matches the character strings up to  "v1.0"-->
            <replacement>/ACME_PRD/BI/api/mobile/</replacement>  <!--Replaces the found characters with /ACME_PRD/BI/ -->
        </rule>
        <rule>       
            <pattern>$</pattern>                                 <!--Matches the end of the path-->
            <replacement>/extra_path</replacement>               <!--Replaces (actually appends) with /extra_path -->
        </rule>
    </rewriteRules>
</cookieRewrite>

Configuration

Element name Deault Presence Type Multiplicity
cookieName n/a Required string 1
domain n/a Optional string 0..1
path n/a Optional string 0..1

<cookieRewrite> attributes

<cookieRewrite name="cookieRewrite-example" displayName="cookieRewrite-example" enabled="true" version="1.0">
File name Description Default Presence
name Name of this policy instance. N/A Required
displayName Optional
enabled Indicates if a policy is enforced or not. If set to false, a policy is turned off, and not enforced. true Optional

version

Policy version. N/A Required

<cookieName> element

Use to specify the name of the cookie affected by this policy. The cookie name can be either a static string or a regular expression. A regular expression is denoted by forward slashes.

<cookieName>sessionId</cookieName>

Example using a regular expression:

<cookieName>/^sessionId.*/</cookieName>

<unsecureHttpTarget> element

If this element is placed in the request flow and the target uses http instead of https, this configuration element removes the secure flag from the given cookie.

<unsecureHttpTarget/>

<domain> element

This element is used to specify the desired string value for the cookie domain.

<domain>/myCompany</domain>

<path> element

This element is used to specify the desired string value for the cookie path.

<path>/myCompany/</path>

<rewriteRules> element

This element is used to specify the list of rules to apply to either the path of domain.

<rewriteRules on="path">
    <rule>       
        <pattern>\/.*\/v1.0\/</pattern>                      <!--Matches the character strings up to  "v1.0"-->
        <replacement>/ACME_PRD/BI/api/mobile/</replacement>  <!--Replaces the found characters with /ACME_PRD/BI/ -->
    </rule>
    <rule>       
        <pattern>$</pattern>                                 <!--Matches the end of the path-->
        <replacement>/extra_path</replacement>               <!--Replaces (actually appends) with /extra_path -->
    </rule>
</rewriteRules>
Field name Description Default Presence
on Element of the cookie to which the rules apply - either path or domain. N/a Required

<rule> element

This element configures a rule to overwrite a cookie element.

<pattern> element

This element determines the regex pattern to match. Keep in mind that the regex expressions are evaluated in Javascript.

<pattern>\/.*\/v1.0\/</pattern> <!--Matches the character strings up to "v1.0"-->