问题描述
在APIM的 <return-response> 策略中,设置Cookie值,因为需要设置多个Cookie值,使用下面两种方式都只能保存一个Cookie值:
方式一:把多个cookie值用分号(;)拼接
<return-response> <set-status code="201" /> <set-header name="Set-Cookie" exists-action="override"> <value>@("cookie0=000000; cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value> </set-header> <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body> </return-response>
方式二:使用多个 set-header name=“Set-Cookie” 节点
<return-response> <set-status code="201" /> <set-header name="Set-Cookie" exists-action="override"> <value>cookie0=000000</value> </set-header> <set-header name="Set-Cookie" > <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value> </set-header> <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body> </return-response>
它们的效果分别为:
那么,如何才能保存多个Cookie值呢?
问题解答
在网络中搜索答案,最后突然明白,可以在一个Set Cookie Header中设置多个Value,这样就可以保存多个Cookie。
示例代码
<!-- IMPORTANT: - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements. - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element. - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element. - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar. - To remove a policy, delete the corresponding policy statement from the policy document. - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope. - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope. - Policies are applied in the order of their appearance, from the top down. - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope. --> <policies> <inbound> <base /> <set-variable name="token" value="@(context.Request.Body?.AsFormUrlEncodedContent(preserveContent: true)?["id_token"]?.Single())" /> <return-response> <set-status code="201" /> <set-header name="Set-Cookie" exists-action="override"> <value>cookie0=000000</value> <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value> <value>@("cookie2=" +"2222222")</value> <value>cookie3=111111</value> </set-header> <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body> </return-response> </inbound> <backend> <base /> </backend> <outbound> <base /> </outbound> <on-error> <base /> </on-error> </policies>
测试效果
附录:介绍HTTP Cookie
HTTP Cookie(也叫 Web Cookie 或浏览器 Cookie)是服务器发送到用户浏览器并保存在本地的一小块数据。浏览器会存储 cookie 并在下次向同一服务器再发起请求时携带并发送到服务器上。
服务器收到 HTTP 请求后,服务器可以在响应标头里面添加一个或多个 Set-Cookie 选项。浏览器收到响应后通常会保存下 Cookie,并将其放在 HTTP Cookie 标头内,向同一服务器发出请求时一起发送。
参考资料
创建Cookie: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Cookies#%E5%88%9B%E5%BB%BA_cookie
How to use APIM set-header policy to manage Set-Cookie headers : https://learn.microsoft.com/en-us/answers/questions/1390333/how-to-use-apim-set-header-policy-to-manage-set-co
