Customize cookie value validation

Most browsers have an implementation to attach all cookies that belong to the request URL's domain or any of the domain in the hierarchy higher than it.

For example, for the site URL abc.xyz.com, all the cookies are saved on the client that belongs to abc.xyz.com. It also includes the ones that are stored for xyz.com are sent with the request to the server.

When you implement the application site for which the site URL follows a similar trend as explained in the example, customizing cookie value validation rules become critical to support all the cookies that are sent by any request for the application site, which includes the parent domain cookies.

So, specific rules for specific cookie values must be registered as follows:

If parent domain is adding a cookie _parent_domain_cookie_name, add a validation rule in the customized file as:

<Rule id="sc-parent_domain_cookie-value-rule" ruleType="Regex" inputType="HTTPCookieValue" inputName="_parent_domain_cookie_name" maxLength="1000">
<Whitelist>
		<RegularExpression ref="<Custom regular expression"/>
	</Whitelist>
</Rule>

Or override the default regular expression that is used by the application to validate all the cookie values in customized regular expression file. The regular-expression id to over-ride is sc-cookie-value-pattern.