WSO2 EI: Custom Cookie Header Mediator

4 min readAug 18, 2021

In the modern era, Enterprise Integration Solution development requires service chaining with Cookie handling.

WSO2 Enterprise Integrator is a great platform for developing and deploying complex integration solutions orchestrating different backend services.

Exposing Several Services as a Single Service

This scenario is commonly referred to as Service Chaining. Here, several services are integrated based on some business…

docs.wso2.com

In this post we are going to explore how we can invoke backend services extract response cookies and pass it on to sub-sequent requests to maintain a smooth mediation flow.

Requirement for Cookie Handling in Mediation Flows:

Backends rely on cookies to validate user sessions.
Cookies in the response need to be extracted and stored against the “domain” to be used in the sub-sequent requests.
Cookies set for a “sub domain” need to be passed on to the “super domains” as well.
Cookies need to be checked for “expiry time”.
Depending on the “path” set in the Cookie attribute, cookie needs to be passed on to requests with only those request path.

Cookie Header Mediator

Cookie Header Mediator is a custom class mediator written to handle cookies from backend requests and responses.

The full class mediator code is available in Seralahthan/cookie-header-mediator

In order to engage the Cookie Header Mediator in the mediation flow follow the below steps,

Build the maven project

mvn clean install

Deploy the cookie-header-mediator-1.0.0.jar to the
<EI_HOME>/lib/ directory Or <ESB_HOME>/repository/components/lib directory.
Add the following logger configuration to enable debug logs

Engage the Cookie Header Mediator to the mediation sequence.

Engaging Cookie Header Mediator in Mediation Flow

Invoke a backend and handle cookies in response

In order to handle the response cookies from the backend we need to,

Set the backend “domain” (request domain) to a property.
Set the “cookie-action” property as “get-transport”.
Engage the cookie header mediator in the mediation flow.

Refer to the following snippet of the mediation sequence,

Cookie header mediator will under the hood extract all the cookies from the response and store it in the message context so you we can use those cookies in the sub-sequent calls.

Invoke a backend passing cookies in request header

In order to pass cookies to the backend request we need to,

Set the “cookie-action” property as “set-transport”.
Engage the cookie header mediator in the mediation flow.

Refer to the following snippet of the mediation sequence,

Cookie Header Mediator Logs in Response In Flow

Cookie Header Mediator Logs and Wire Logs in Request Out Flow

As you can see from the above screenshot “Cookie” header is automatically appended to the request based on the cookies set earlier (domain, path, expiry).

Cookie Header Mediator Functionality

Once engaged in the mediation flow Cookie Header Mediator will,

Cookie Extraction Flow

Extract all the cookies set in the Backend responses.

2. Store cookies in a map against the “domain”.

“domain” will be determined considering the “domain” attribute set in the cookie and the request domain.
“domain” attribute set in the cookie will be prioritized over the request domain
If the cookie doesn’t have a “domain” attribute, request domain will be considered as the domain of the cookie.

3. Set cookie path.

Optionally sets cookie path based on the “path” attribute of the cookie.

4. Set cookie expiry time.

Expiry time is set based on the “expires” and “max-age” attributes found in the cookie.
If both “expires” and “max-age” attributes found in a cookie, priority will be given to the “max-age” attribute.
If the cookie is not set with an expiry time, a default expiry time of one hour will be set.

Cookie Appending Flow

Fetches the backend request url and extracts the “request domain” from the url
Fetches all the Cookies from the stored map for the “request domain” and its “super domains”
Appends the active cookies (not expired cookies) to the “Cookie” header based on the cookie path.

References:

[1] https://docs.wso2.com/display/EI660/Exposing+Several+Services+as+a+Single+Service
[2] https://github.com/Seralahthan/cookie-header-mediator
[3] https://docs.wso2.com/display/EI660/Creating+Custom+Mediators+

Hope you enjoyed the blog and got something to take away.

Thank you for Reading!
Cheers!!!