---
title: CookieFilter
description: Manages, suppresses, and relays cookies for in-memory sessions. This filter isn't currently compatible with JWT-based sessions.
component: pinggateway
version: 2026
page_id: pinggateway:reference:CookieFilter
canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/CookieFilter.html
revdate: 2026-02-23T12:00:00Z
section_ids:
  CookieFilter-usage: Usage
  CookieFilter-properties: Properties
  CookieFilter-moreinfo: More information
---

# CookieFilter

Manages, suppresses, and relays cookies for [in-memory sessions](../about/about-sessions.html#sessions-in-memory). This filter isn't currently compatible with [JWT-based sessions](../about/about-sessions.html#sessions-jwt-based).

## Usage

```none
{
     "name": string,
     "type": "CookieFilter",
     "config": {
         "managed": [ configuration expression<string>, ... ],
         "suppressed": [ configuration expression<string>, ... ],
         "relayed": [ configuration expression<string>, ... ],
         "defaultAction": configuration expression<enumeration>
     }
}
```

## Properties

* `"managed"`: *array of configuration expression<[strings](preface.html#definition-string)>, optional*

  A list of the names of cookies to be managed.

  PingGateway stores cookies from the protected application in the session and manages them as follows:

  * Requests with a `Cookie` header: PingGateway removes managed cookies so that protected applications cannot see them.

  * Responses with a `Set-Cookie` header: PingGateway removes managed cookies and keeps a copy of them. PingGateway then adds the managed cookies in a `Cookie` header to future requests that traverse the CookieFilter.

* `"suppressed"`: *array of configuration expression<[strings](preface.html#definition-string)>, optional*

  A list of the names of cookies to be suppressed.

  PingGateway removes cookies from the request and response. Use this option to hide domain cookies, such as the AM session cookie, that are used by PingGateway but aren't usually used by protected applications.

* `"relayed"`: *array of configuration expression<[strings](preface.html#definition-string)>, optional*

  A list of the names of cookies to be relayed.

  PingGateway transmits cookies freely from the user agent to the remote server, and vice versa.

* `"defaultAction"`: *configuration expression<[enumeration](preface.html#definition-enumeration)>, optional*

  Action to perform for cookies that don't appear in one of the above lists. Set to `MANAGE`, `SUPPRESS`, or `RELAY`.

  If a cookie appears in more than one of the above lists, it is treated in the following order of precedence: `managed`, `suppressed`, `relayed`. For example, if a cookie is in both the `managed` and `relayed` lists, the cookie is managed.

  Default: `"MANAGE"`.

## More information

[org.forgerock.openig.filter.CookieFilter](../_attachments/apidocs/org/forgerock/openig/filter/CookieFilter.html)