We've been making changes to how we organize and display our docs. Our work isn't done but we'd love your feedback.
Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Response Cookie handling

      Last updated August 09, 2018

    The traditional way to read response cookies in VCL is to inspect either the beresp.http.Set-Cookie or the resp.http.Set-Cookie variables and then extract values using regular expressions. However this is not ideal since attempting to parse potentially complicated or quoted strings with regular expressions is brittle and prone to being tripped up by edge cases. It also doesn't allow for reading multiple headers with the same name such as when an origin sends multiple Set-Cookie headers. Because of these two reasons Fastly supports a method for extracting a named value out of Set-Cookie headers no matter how many there are.

    To access a named value simply use the function with either beresp or resp depending on what part of the request you're in - so either

    1
    
    setcookie.get_value_by_name(beresp, "name")
    

    or

    1
    
    setcookie.get_value_by_name(resp, "name")
    

    as appropriate, replacing "name" with whatever the name of the value is. So for example, given this HTTP response from an origin

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    
    HTTP/1.1 200 OK
    Cache-Control: max-age=60
    Content-Type: text/html; charset=utf-8
    Content-Length: 80806
    Accept-Ranges: bytes
    Date: Tue, 11 Aug 2015 19:00:04 GMT
    Age: 123
    Connection: keep-alive
    Set-Cookie: one=a; httponly; secure
    Set-Cookie: two=b or not to b; httponly
    

    then using the function like this

    1
    2
    
    set resp.http.X-One = setcookie.get_value_by_name(resp, "one");
    set resp.http.X-Two = setcookie.get_value_by_name(resp, "two");
    

    will set resp.http.X-One to be "a" and resp.http.X-Two to "b or not to b".

    This logic can be used in uploaded custom VCL, as well as throughout the web interface. For example:

    An example of response cookie logic set via a header using the web interface

    Back to Top