Get Cookie


An HTTP cookie is data sent by a server in an HTTP response to a client. The client can then return an updated cookie value in subsequent requests to the server. For example, this enables the server to store user preferences, manage sessions, track browsing habits, and so on.

The Get Cookie filter is used to read the Cookie and Set-Cookie HTTP headers. The Cookie header is used when a client sends a cookie to a server. The Set-Cookie header is used when the server instructs the client to store a cookie.

For more details, see the topic on the Create Cookie filter.


Configure the following fields on the Get Cookie Filter Configuration screen:

Filter Name:

Enter an appropriate name to display for this filter.

Cookie Name:

Enter a regular expression that matches the name of the cookie. This value can use wildcards. Defaults to .*.

Remove all Cookie Headers from Message after retrieval:

When this setting is selected, all Cookie and Set-Cookie headers are removed from the message after retrieving the target cookie. This setting is not selected by default.

Attribute Storage

When a cookie is retrieved, it is stored in the appropriate API Gateway message attribute. The following message attributes are used to store cookies:

Cookie Header Type Message Attribute Name
Cookie cookie.cookie_name.value (for example, cookie.mytest.value)
Set-Cookie cookie.cookie_name.cookie_attribute_name (for example, cookie.mytest.header)

Set-Cookie Attribute List

The Set-Cookie HTTP header includes the following cookie attributes (reflected in the Set-Cookie message attribute name):

Cookie Attribute Name Description
header The HTTP header name.
value The value of the cookie.
domain The domain name for this cookie.
path The path on the server to which the browser returns this cookie.
maxage The maximum age of the cookie in days, hours, minutes, and/or seconds.
secure Whether sending this cookie is restricted to a secure protocol. This setting is not selected by default, which means that it can be sent using any protocol.
HTTPOnly Whether the browser should use cookies over HTTP only. This setting is not selected by default.