The control API cookie itself has to comply with the standard cookie specification.
For interaction with Airlock Gateway, the following syntax is used:
control-cookie = control-cookie-name "=" control-cookie-value control-cookie-name = "AL_CONTROL" control-cookie-value = commands ;at this place 'commands' must be percent encoded commands = command [ "&" commands ] command = audit-token-command | basic-auth-command | credential-command | header-command | kerberos-user-command | ntlm-command | session-command | timeout-command | tracking-command | auth-workflow-command | session-variable-command
The control API cookie value is a percent-encoded string of commands. Each decoded command is represented as a name-value pair and separated by an ampersand.
Example:
The pseudo code example below shows how to set the control API cookie using the HTTP header "Set-Cookie" command.
Pseudo code:
response.header="Set-Cookie: AL_CONTROL="+URL_Encode("SET_CREDENTIALS="+URL_Encode("admin")+"&AUDIT_TOKEN="+URL_Encode("jsmith"))
Results in:
Set-Cookie: AL_CONTROL=SET_CREDENTIALS%3Dadmin%26AUDIT_TOKEN%3Djsmith