What is Cookie Testing ?

What is Cookie Testing ?

What is Cookie Testing?

This article talks about the details step by step description of how cookie testing can be done. Cookie testing is a vital aspect of functional testing for web-based applications especially eCommerce applications.

What is Cookie?

A cookie is little data put away in the content records on the client’s hard drive by the webserver. This data is later utilized by an internet browser to recover data from that machine. By and large, a cookie contains customized client information or data that is utilized to impart between various website pages.

Note: Cookie and Session are two different aspects of the website. Cookies are general-purpose client-side note whereas the session are kept in the server to track the client with all possible information. A cookie can be alive even if the browser is closed but for a session it ends as soon as the client browser ends or get killed. More broadly both are dependent on each other, like a valid session creates a cookie(if allowed). And a session is made the cookie a transporter for all client-related information as buffer storage.

Why Cookies are used?

Cookies are only the client’s identity and used to follow where the client explored all through the site pages. The correspondence between the internet browser and the web server is stateless.

Imagine a scenario where you need the history of this client correspondence with the webserver. You have to keep up the client state and association between an internet browser and web server someplace. This is the place cookie comes into the picture. Cookies effectively maintain the client associations with the web server.

The usage of cookie can be summarized as :

  • Purpose of Unique visitor tracking. Mostly used in forums, blogs etc
  • Create personalized pages,site,contents,offers,banner’s display etc. Majorly used in commercialized sites.
  • Cookie and Shopping cart of an online store goes hand by hand. Cookies can remember the existing shopping cart, abandoned cart, re-initiation of orders, remembers buying habit of clients.
  • Online advertisement depends on cookies to determine the type of advertisement that needs to be displayed to the client based on his browsing habit, keywords, search pattern etc.


How do cookies work?

The HTTP convention used to trade data records on the web is utilized to keep up the cookies. There are two sorts of HTTP convention. Stateless HTTP and Stateful HTTP convention. Stateless HTTP convention does not keep any record of recently gotten to the site page history. While Stateful HTTP convention does keep some history of past internet browser and web server collaborations and this convention is utilized by cookies to keep up the client interaction.
At whatever point client visits the site or page that is utilizing cookie, little code inside that HTML page (Generally a call to some language content to compose the cookie like cookies in JAVAScript, PHP, Perl) composes a content record on clients machine called cookie.
Here is one case of the code that is utilized to compose cookie and can be set inside any HTML page:
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME;
At the point when the client visits a similar page or area later time this cookie is perused from a circle and used to recognize the second visit of a similar client on that space. Lapse time is set while composing the cookie. This time is chosen by the application that is going to utilize the cookie.
Cookies shouldn’t be placed in indistinguishable classification from the viruses, spyware or spam.  They are the apparatuses to support us and deal with our time all the more proficiently on the web

Types of Cookie:

  • Session Cookies: These cookies are dynamic until the program that triggers the cookie is open. upon closing the browser this session cookie gets erased.
  • Persistent Cookies: These cookies are composed forever on the client machine and it goes on for a considerable length of time or years.
See also  Learn Effective Primary Tools For Test Automation in 2020

What information Cookie holds?


  • The name of the server the cookie was sent from
  • The expiry date of the cookie
  • An esteem number – as a rule, an arbitrarily produced remarkable number

Where Cookies are put away?

At the point when any site page application composes a cookie, it is put away in a content document on client hard plate drive. The way where the cookies are spared relies upon the program. Distinctive browsers store the cookie in various ways.
For instance, in the Mozilla Firefox program you can see the cookies in program choices. To see this snap-on Tools – > Options – > Privacy and afterwards click on “Remove Individual Cookies”.

How to enable cookies in different browsers:

IE-6 and older

Navigate Tools->Internet Options->Privacy->Sites->Type https://www.techtravelhub.com in the box->click Allow–>click Ok->click Ok

IE-7/8/910 and Edge

Navigate to control panel–>Double click on Internet option–>Privacy–>Advanced–>“Override automatic cookie handling” in  the Cookies section–>Select the Accept or Prompt–>Click Ok

Mozilla Firefox:

Navigate Tools->Options->Privacy->Exceptions->Type https://www.techtravelhub.com in the box->click Allow–>click Close->click Ok


Tools-> Options–>Under the Hood tab–>Click Content settings in the Privacy->Select Allow local data to be set to allow both first-party and third-party cookies. If we want to accept first-party cookies, check the box next to -Block all third-party cookies without exception.

Here are two beautiful articles on enabling cookies :
Site one
Site two

Why are the basic need of Cookie test?


  • To ensure that the cookies don’t store classified data.
  • To check the number of cookies utilized.
  • Ensure that the application keeps up its productivity when turned off or Accept cookies.
  • To check application reaction to the harmed cookies.
  • Ensure that cookies are put away and evacuated it to the pages on which it is normal and vital.
  • Testing that cookies are working effectively in all programs that will be utilized by the application.
  • To ensure that the application satisfactorily reacts to erase cookies physically.
  • To check that the entrance to various parts of the application should not be possible to sidestep the cookie utilized for confirmation or approval.
See also  10 Facts to: How to Introduce a New Tool for Organization?

How to verify basic Cookie functionality?

  • Check if the client’s site allows displaying prompt to display the usage of the cookie or not. Client/user needs to agree to the site to allow writing cookie.
  • Check if the site can write contents inside a cookie or the cookie is created or not.
  • Disabling or Debilitating cookies: Disable all cookies and endeavour to utilize the site’s significant capacities. Incapacitate the cookies from your browser settings: If we are utilizing cookies on our site, our destinations significant usefulness won’t work by handicapping the cookies. At that point attempt to get to the site under test. we need to explore through the site. and check whether suitable messages are shown to the client like “For smooth working of this site ensure that cookies are empowered on your program”. There ought not to be any page crash because of incapacitating the cookies. (If we don’t mind ensure that we close all programs, erase all recently composed cookies previously playing out this test).The page should not be hanged or froze or crashed due to this test.
  • Corrupting or Tainting cookies: Manually alter the cookie in the scratchpad and change the parameters with some arbitrary qualities. A few times clients individual data is put away in cookies and the event that somebody hacks the cookie, at that point programmer can gain admittance to your data. Indeed, even debased cookies can be perused by various spaces and lead to security issues.
  • Cookies encryption: Sensitive data like passwords, usernames, credit card, debit card or SSN etc ought to be encoded before it is sent to our PC. Majorly during the requirement gathering phase, we must disallow this type of requirements as this may be the breach of the privacy policy.
  • Cookie testing with numerous Browsers: Check your site page is composing the cookies legitimately on an alternate program of course
  • Checking the cancellation from your web application page. Once we close the browser cookies must be deleted automatically. Alternatively, we can select some of the websites to allow cookies and for some we disallow. We can cross-check if the disallowed sites did not create cookies.
  • Specifically dismissing cookies: Delete every one of the cookies for the sites and perceive how the site responds to it
  • Access to cookies: Cookies composed by one site ought not to be open by others. We need to try to put the website into a test if it can read other’s cookie.
  • No abuse of cookies: If the application under test is an open site, there ought not to be an abuse of cookies.
  • Testing with the diverse setting: Testing ought to be done appropriately to watch that site is functioning admirably with various cookie setting
  • Check for session timeout functionality of a cookie. The site should display proper alert.
  • Latest browsers support javascript to create cookie and writing on it. We can test if the cookies are created correctly if the browser does not have javascript enabled.
  • If you are composing such a large number of cookies on each page route and if the client has turned on choice to caution before composing cookie, this could dismiss the client from your site. Site traffic is having an inversely proportional relationship with an increment of cookie. We need to test this as well. Notwithstanding composing Cookie is an incredible method to keep up client communication if the client has set program choices to caution before composing any cookie or incapacitated the cookies then site containing cookie will be handicapped and can not play out any task bringing about loss of site traffic.
  • We need to test cookie if it is meant to track the client’s login status. It can be seen via the browser’s URL. Altering them can give us better in the side of the cookie. It must provide the correct message.
  • We can test the expiry date and validate the same for a cookie.
  • we can test the User-specific cookies which should not be altered or deleted by other uses.
See also  What is Doctype in web testing?

We can create positive and negative test cases based on the points mentioned here.


Share and Enjoy !

Leave a Reply

Your email address will not be published. Required fields are marked *