【Azure APIM】APIM 策略语句如何来设置多个Cookie值让浏览器保存

问题描述

在APIM的 <return-response> 策略中，设置Cookie值，因为需要设置多个Cookie值，使用下面两种方式都只能保存一个Cookie值：

方式一：把多个cookie值用分号(；）拼接

        <return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>@("cookie0=000000; cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>

方式二：使用多个 set-header name="Set-Cookie" 节点

        <return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>cookie0=000000</value>
            </set-header>
            <set-header name="Set-Cookie" >
                <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>

它们的效果分别为：

那么，如何才能保存多个Cookie值呢？

问题解答

在网络中搜索答案，最后突然明白，可以在一个Set Cookie Header中设置多个Value，这样就可以保存多个Cookie。

示例代码

<!--
    IMPORTANT:
    - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
    - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
    - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
    - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
    - To remove a policy, delete the corresponding policy statement from the policy document.
    - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
    - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
    - Policies are applied in the order of their appearance, from the top down.
    - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
-->
<policies>
    <inbound>
        <base />
        <set-variable name="token" value="@(context.Request.Body?.AsFormUrlEncodedContent(preserveContent: true)?["id_token"]?.Single())" />
        <return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>cookie0=000000</value>
                <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
                <value>@("cookie2=" +"2222222")</value>
                <value>cookie3=111111</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

测试效果

附录：介绍HTTP Cookie

HTTP Cookie（也叫 Web Cookie 或浏览器 Cookie）是服务器发送到用户浏览器并保存在本地的一小块数据。浏览器会存储 cookie 并在下次向同一服务器再发起请求时携带并发送到服务器上。

服务器收到 HTTP 请求后，服务器可以在响应标头里面添加一个或多个 Set-Cookie 选项。浏览器收到响应后通常会保存下 Cookie，并将其放在 HTTP Cookie 标头内，向同一服务器发出请求时一起发送。

参考资料

创建Cookie: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Cookies#创建_cookie

How to use APIM set-header policy to manage Set-Cookie headers ： https://learn.microsoft.com/en-us/answers/questions/1390333/how-to-use-apim-set-header-policy-to-manage-set-co