Cookie Testing


 Chrome Add-ons


  Swap My Cookie

  Vanilla Cookie Manager

 Firefox Add-ons

  Advanced Cookie Manager

  Cookie Manager+

  Tamper Data

Common Test Ideas

 HTTP Cookie Attribute Testing


   Cookie tampering to check for server-side validation.

Modifying the value of certain cookies.

   Encryption of confidential data


   Complete domain name should be specified.


   Exact path should be specified

If path is specified as "path=/" then the cookie will be sent to any path.


   The Secure flag must be set for cookies containing confidential values.


   Certain sensitive information should not be stored on the user's hard drive.

 Disabling cookies


First-party cookies are those used by the domain you visited.


Third-party cookies are those generated by third-party advertising websites' JavaScript embedded in the page we view.

 Deleting cookies

  Deleting all the cookies of a particular domain.

  Deleting some cookies of a particular domain.

 Maximum Cookie Size check

  HTTP Cookie

   4 KB of cookie data per domain to be compatible with all browsers.

   Maximum of 20 cookies per domain, each of size < 4 KB, to be compatible with all browsers.

  Flash Cookie

   Maximum of 100KB data

 Cross Browser Testing

 Browser Cookie Law in different countries

  European Countries

   EU E-Privacy Directive

Before adding a cookie, the user must be notified and the user's confirmation must be obtained.

  Applies to all countries

   RFC 2109




   HTTP response header containing the cookie details sent from the server to set the cookie.


   HTTP request header containing the cookie information, sent from the browser to the server each time a particular domain is visited.


  Identifies the session of the user.

  Overcomes the stateless nature of the HTTP protocol.


  HTTP Cookie

   Persistent Cookie

    Stored on the local system; expires after the expiration time is over.

   Session Cookie

    Expires after the browser is closed.

  Flash Cookie

   Used by the Flash player to save information.

HTTP Cookie Attribute


  Specifies the domain to which the cookie must be sent.


  Specifies the URL path for which the cookie is valid.



  Specifies the lifetime of a persistent cookie.




  Sends the cookie only over a secure channel.


  The cookie cannot be accessed by client-side script.
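
The attribute and size checks listed above can be automated against the Set-Cookie values of a response. The following is an added example, not part of the original mind map; the function names, the `sensitive` cookie-name list, the host and the sample headers are assumptions, and "complete domain name" is read here as a Domain attribute equal to the serving host.

```python
MAX_COOKIE_BYTES = 4096        # 4 KB limit from the checklist
MAX_COOKIES_PER_DOMAIN = 20    # cookie-count limit from the checklist

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookie(header, host, sensitive):
    """Return (cookie name, list of checklist findings) for one Set-Cookie value."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if name in sensitive:  # hypothetical list of cookies holding confidential values
        if "secure" not in attrs:
            findings.append("no Secure flag")
        if "httponly" not in attrs:
            findings.append("no HttpOnly flag")
        if "expires" in attrs or "max-age" in attrs:
            findings.append("persistent, so the value is stored on disk")
    if attrs.get("path") == "/":
        findings.append("Path=/ sends the cookie to every path")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != host.lower():
        findings.append("Domain is wider than the complete host name")
    if len(f"{name}={value}".encode()) > MAX_COOKIE_BYTES:
        findings.append("larger than 4 KB")
    return name, findings

def audit_response(set_cookie_headers, host, sensitive=("sessionid",)):
    """Audit every Set-Cookie value of one response; key '*' holds per-domain findings."""
    report = dict(audit_cookie(h, host, sensitive) for h in set_cookie_headers)
    if len(set_cookie_headers) > MAX_COOKIES_PER_DOMAIN:
        report["*"] = ["more than 20 cookies for one domain"]
    return report

# Constructed sample headers (not captured from a real site).
SAMPLE = [
    "sessionid=abc123; Domain=.example.com; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "csrftoken=xyz789; Path=/app; Secure; HttpOnly",
    "theme=" + "d" * 5000 + "; Path=/app",
]

if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE, "www.example.com").items():
        print(cookie, "->", issues or "ok")
```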

TestInsane Technologies Private Limited, Exploratory Testing & Test Automation Services Company