There is something confusing about MobileFirst adapters which is the Cookie policy. Actually I can't find any documentation specifying the detailed use of each kind Cookie policy and how is it related to connectAs attribute. I have this concern because each time I have to authenticate to a third party application, I get in many troubles while maintaining Cookies and third party session.
Is there someone who could explain it in details please ?
As mentioned in the user documentation for the connectionPolicy element of a HTTP adapter, you are expected to read about each cookiePolicy in its specific RFC - because these cookie policies aren't IBM's. They are industry standards:
See also here: What does the cookiePolicy adapter parameter do in Worklight 6.1+?
These cookies don't affect the JSESSIONID cookie returned by the application server to the client (mobile app). The policy relates to all the cookies returned by the backend server to Worklight, including JSESSIONID.
The cookiePolicy does not have a direct relation to the connectAs attribute. Because this attribute will basically dictate if there is a single HttpClient for all sessions, or an HttpClient for each session.
In either case the cookie policy is applied to the adapter.
From the same question:
... each adapter has a separate instance of an HttpClient, and so the cookiePolicy acts only within the scope of one adapter. Different adapters will not share cookies by configuration.
About connectAs in greater detail: What does connectAs="endUser" actually do?