问题描述
在APIM的 <return-response> 策略中,设置Cookie值,因为需要设置多个Cookie值,使用下面两种方式都只能保存一个Cookie值:
方式一:把多个cookie值用分号(;)拼接
<return-response>
<set-status code="201" />
<set-header name="Set-Cookie" exists-action="override">
<value>@("cookie0=000000; cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
</set-header>
<set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
</return-response>
方式二:使用多个 set-header name="Set-Cookie" 节点
<return-response>
<set-status code="201" />
<set-header name="Set-Cookie" exists-action="override">
<value>cookie0=000000</value>
</set-header>
<set-header name="Set-Cookie" >
<value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
</set-header>
<set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
</return-response>
它们的效果分别为:
那么,如何才能保存多个Cookie值呢?
问题解答
在网络中搜索答案,最后突然明白,可以在一个Set Cookie Header中设置多个Value,这样就可以保存多个Cookie。
示例代码
<!--
IMPORTANT:
- Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
- To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
- To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
- To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
- To remove a policy, delete the corresponding policy statement from the policy document.
- Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
- Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
- Policies are applied in the order of their appearance, from the top down.
- Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
-->
<policies>
<inbound>
<base />
<set-variable name="token" value="@(context.Request.Body?.AsFormUrlEncodedContent(preserveContent: true)?["id_token"]?.Single())" />
<return-response>
<set-status code="201" />
<set-header name="Set-Cookie" exists-action="override">
<value>cookie0=000000</value>
<value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
<value>@("cookie2=" +"2222222")</value>
<value>cookie3=111111</value>
</set-header>
<set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
</return-response>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
测试效果
附录:介绍HTTP Cookie
HTTP Cookie(也叫 Web Cookie 或浏览器 Cookie)是服务器发送到用户浏览器并保存在本地的一小块数据。浏览器会存储 cookie 并在下次向同一服务器再发起请求时携带并发送到服务器上。
服务器收到 HTTP 请求后,服务器可以在响应标头里面添加一个或多个 Set-Cookie 选项。浏览器收到响应后通常会保存下 Cookie,并将其放在 HTTP Cookie 标头内,向同一服务器发出请求时一起发送。
参考资料
创建Cookie: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Cookies#创建_cookie
How to use APIM set-header policy to manage Set-Cookie headers : https://learn.microsoft.com/en-us/answers/questions/1390333/how-to-use-apim-set-header-policy-to-manage-set-co