Cookie Testing

Add-Ons

 Chrome Add-ons

  EditThisCookie

  Swap My Cookie

  Vanilla Cookie Manager

 Firefox Add-ons

  Advanced Cookie Manager

  Cookie Manager+

  Tamper Data

Common Test Ideas

 HTTP Cookie Attribute Testing

  Values

   Cookie tampering to check for server-side validation.

Modifying the value of a particular cookie.

   Encryption of confidential data

  Domain

   Complete domain name should be specified.

  Path

   Exact path should be specified.

If the path is specified as "path=/", the cookie will be sent to any path.

  Secure

   The Secure flag must be set for cookies containing confidential values.

  Expiration

   Certain sensitive information should not be stored on the user's hard drive.

 Disabling cookies

  First-party

First-party cookies are those used by the domain you visited.

  Third-party

Third-party cookies are those generated by third-party advertising websites' JavaScript embedded in the page we view.

 Deleting cookies

  Deleting all the cookies of a particular domain.

  Deleting some cookies of a particular domain.

 Maximum Cookie Size check

  HTTP Cookie

   4KB of cookie data per domain to be compatible with all browsers.

   Maximum of 20 cookies per domain of size < 4KB to be compatible with all browsers.

  Flash Cookie

   Maximum of 100KB of data

 Cross Browser Testing

 Browser Cookie Law in different countries

  European Countries

   EU E-Privacy Directive

Before adding a cookie, the user must be notified and must give confirmation.

  Applies to all countries

   RFC 2109

Cookie

 About

  Set-Cookie

   HTTP response header containing the cookie details, sent from the server to set the cookie.

  Cookie

   HTTP request header sent from the browser to the server each time a particular domain is visited; contains the cookie information.

 Use

  Identifies the session of the user.

  Overcomes the stateless nature of the HTTP protocol.

 Types

  HTTP Cookie

   Persistent Cookie

    Stored on the local system; expires after the expiration time is over.

   Session Cookie

    Expires after the browser is closed.

  Flash Cookie

   Used by the Flash Player to save information.

HTTP Cookie Attribute

 Domain

  Specifies the domain to which the cookie must be sent.

 Path

  Specifies the URL path for which the cookie is valid.

 Value

 Expiration

  Specifies the lifetime of a persistent cookie.

 HostOnly

 Session

 Secure

  Sends the cookie only over a secure channel.

 HttpOnly

  The cookie cannot be accessed by client-side script.
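
Added example (not part of the original mind map): a small Python audit that applies the Domain, Path, Secure, HttpOnly and Expiration checks listed under HTTP Cookie Attribute Testing to a Set-Cookie header. The host name, cookie names, header values and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the attribute checklist.
# Host name, cookie names and header values are constructed sample data.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def audit_cookie(header, host, sensitive=True):
    """Return checklist findings for one Set-Cookie header sent by `host`."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    # Domain: the complete host name should be specified, not a parent domain.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != host.lower():
        findings.append(f"{name}: Domain={domain} is not the complete host name {host}")
    # Path: "/" makes the cookie valid for every path on the host.
    if attrs.get("path") == "/":
        findings.append(f"{name}: Path=/ sends the cookie to every path")
    # Secure / HttpOnly: expected on cookies carrying confidential values.
    if sensitive and "secure" not in attrs:
        findings.append(f"{name}: Secure flag missing")
    if sensitive and "httponly" not in attrs:
        findings.append(f"{name}: HttpOnly flag missing")
    # Expiration: Expires or Max-Age makes the cookie persistent on disk.
    if sensitive and ("expires" in attrs or "max-age" in attrs):
        findings.append(f"{name}: persistent cookie holds sensitive data")
    return findings

SAMPLE_HOST = "shop.example.com"  # constructed
WEAK = "SESSIONID=abc123; Domain=.example.com; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"
STRICT = "SESSIONID=abc123; Path=/account; Secure; HttpOnly"

if __name__ == "__main__":
    for header in (WEAK, STRICT):
        for finding in audit_cookie(header, SAMPLE_HOST) or ["no findings"]:
            print(finding)
```
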

TestInsane Technologies Private Limited Exploratory Testing & Test Automation Services Company www.testinsane.com