Moovweb Help Center

How to Override Cookies in Response


There is currently a bug with the moov_rewriter module. It is causing issues on subdomain projects with strict cookie rewriting on. Cookies are not being rewritten "strictly" in these projects as expected. There is, however, still a way to override cookies and manually edit the "Set-Cookie" headers.

We can use a not-so-secret file under the scripts directory that, by default, is executed by our SDK before actually sending the response to the device and is used as a space to modify and play with the headers of our response using the "headers" variable. So, the step-by-step guide is easy:

Step-by-step guide

  1. Create a new file under the scripts directory called "moov_response_header_transform.js"
  2. Write your MoovJS code.

That's it. You can do a number of things with the variable. You can read more about its use here:

For now, I'll give you a simple example. What if, you wanted ALL cookies in your subdomain project to have strict domains specific to the mobile subdomain. The strict mode for cookie rewriting is not working, so you have to rewrite them yourself. Heres is what that would look like:


var alreadySetCookies = ctx.env.all_set_cookies.split('::MWDELIM::');
for (var i = 0; i < alreadySetCookies.length - 1; i++) {
if (!alreadySetCookies[i].match(/domain/ig)) {
alreadySetCookies[i] = alreadySetCookies[i] + "; Domain=" +;
} else {
alreadySetCookies[i] = alreadySetCookies[i].replace(/domain=[\s\S]*?.domain\.com/ig, "Domain=" +;
headers.addHeader("Set-Cookie", alreadySetCookies[i]);

 Things to note in this piece of code

  • The "ctx.env.all_set_cookies" variable is a long string of all cookie values that have been already set delimited by "::MWDELIM::".
  • We clear all the Set-Cookie headers after we have already stored all the cookies from the ctx variable. We'll add them after rewriting their domains.
  • The for loop goes to "length - 1" because the string of cookies ENDS with a "::MWDELIM::", so the split() function will have an empty string as its last element.
  • We cover all cookies. Once with no specific domain in them and any sort of derivative of the main domain.
  • Finally, just add a new "Set-Cookie" header with each of your newly rewritten cookie values.


This is a very straight-forward case, but it showcases the simple manipulation of headers in this file.


Have more questions? Submit a request


Powered by Zendesk