Cookies Testing in Software Testing


Overview

Cookies are small files created by websites and stored on the user's computer. They are used to store information about the user's browsing behaviour and preferences. In software testing, cookies testing is a type of testing that ensures the functionality and behaviour of cookies in a web application.

What are Cookies?

Cookies are small text files created by websites and stored on the user's device while browsing the website. Websites use cookies to store information about the user's browsing and preferences, such as login details, language settings, and shopping cart contents.

  • Persistent cookies:
    These cookies remain valid after the current session ends. They are written to the user's computer and remain there until their expiry time.
  • Session cookies:
    These are cookies that are valid only until the end of the session. This means that they are only active while the browser tab or window is open.

Where Cookies Are Stored?

Cookies are stored in different places depending on the browser and operating system, but usually, cookies are stored in the cache of the browser. When a user visits a website that supports cookies, the website sends cookies to the browser to collect information. For example, Google Chrome stores cookies in the following location: C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Cookies

Types of Cookies

  • First-party cookies:
    First-party cookies are created by the website the user is visiting and are used to store information about the user's activity on that website.
  • Third-party cookies:
    Third-party cookies are used to track the user's browsing behavior on various websites and can be used for targeted advertising or analytical purposes.
  • Secure Cookies:
    Secure cookies are cookies that are sent only over an encrypted (HTTPS) connection, which helps prevent cookie data from being intercepted.

Why do We Need Cookies Testing?

Below are some of the reasons why we need cookies testing:

  1. Ensuring security:
    Cookies can be used to store sensitive information such as user login details and personal information. Cookies testing helps ensure that cookies are secure and not vulnerable to attacks such as cross-site scripting (XSS) or cross-site request forgery (CSRF).
  2. Verify Functionality:
    Cookies are used to store and retrieve user information and settings, and if they do not function properly, the application may not function as intended. Cookies testing helps ensure that cookies are correctly created, modified, and deleted.
  3. Ensure Data Protection:
    Cookies can be used to track user behaviour and collect personal data. Cookies testing helps ensure that the application does not collect or share unnecessary or sensitive user data.
  4. Better User Experience:
    Cookies are used to personalize the user experience and improve the efficiency of the application. Cookies testing helps ensure that cookies are used effectively and contribute to a positive user experience.

How to Test Cookies on The Website?

You can test cookies on the website as follows:

  1. Delete Cookies:
    Before testing, delete all cookies from your browser to ensure that there are no remaining cookies that interfere with testing.
  2. Allow Cookies:
    Make sure cookies are enabled in your browser. You can do this by going to your browser settings and making sure the option to accept cookies is enabled.
  3. Check the Creation of Cookies:
    Make sure that cookies are created correctly by checking your browser's developer tools or browser extensions such as EditThisCookie. Make sure the cookie name and value are correct and the expiration date is correct.
  4. Test Cookie Editing:
    Check that a cookie can be edited correctly by changing the cookie value and checking that the change is reflected in the application.
  5. Test the Deletion of Cookies:
    Check that cookies are correctly deleted by deleting the cookie and making sure that the application is no longer using that cookie.
  6. Security of Cookies:
    Verify that Secure and HttpOnly cookies are being used correctly by trying to access them with client-side scripting languages such as JavaScript. Ensure that HttpOnly cookies are not accessible to scripts and that Secure cookies are only sent over an encrypted (HTTPS) connection.
  7. Cookies Compatibility:
    Test if cookies are compatible with different browsers and devices. Test in different browsers (e.g., Chrome, Firefox, Safari, and Internet Explorer) and on different devices (e.g., desktops, laptops, and mobile devices).
  8. Cookies Privacy:
    Test that cookies do not collect or share unnecessary or sensitive user data. Please ensure that cookies are used only for their intended purposes and are not used for user tracking or other unauthorized activities.

Plugin to Test Cookies

There are a number of browser extensions and plug-ins to test cookies. Here are some popular ones:

  1. EditThisCookie:
    This is a popular Chrome extension that allows you to view, edit, delete, and create new cookies for the current website. It also provides detailed information about each cookie, including name, value, domain name, and expiration date.
  2. Cookie Editor:
    This is a Firefox extension that allows you to view, edit and delete cookies for the current website. It also allows you to search for cookies, filter them by name, domain, or path, and export them to a file.
  3. Quick Cookie Manager:
    This is a Chrome extension that allows you to manage cookies for the current website. It provides a quick and easy way to view, change and delete cookies and also allows you to export cookies to a file.
  4. Cookie Inspector:
    This is a Safari extension that allows you to view and change cookies on the current website. It provides detailed information about each cookie, including name, value, domain name, and expiration date.

Editing cookies is the process of changing the value of a cookie already stored in the user's browser. Web applications often do this to update user session information or to personalize the user experience.

  1. Cookie detection:
    Detect a cookie that can be edited using the browser's developer tools or a cookie management extension. Note the cookie name, value, domain name, and expiration date.
  2. Change Cookie Value:
    Change the cookie value to the desired value using the same tool. For example, if you want to change the session ID cookie value, you can change it to a new unique session ID.
  3. Save the cookie:
    After changing the cookie, do not forget to save it so that the new value is saved in the user's browser. You can do this by refreshing the page or going to another page on the same website.
  4. Confirm the change:
    Use the same tool to make sure the cookie value has been changed to the desired value. Verify that the web application uses the new value as expected.

Cookie | Session
--- | ---
A cookie is information that a browser stores on the user's computer. | A session is created on the server side and a unique session ID is generated.
Cookies are independent. | The session is dependent on the cookie.
Cookies can be vulnerable to attacks such as cross-site scripting and can also block the user's browser settings. | Sessions are more secure than cookies because the information is stored on the server rather than on the client side.
A cookie stores small amounts of data, typically less than 4KB. | A session stores larger amounts of data.
The cookie expires according to the lifetime the user has set for it. | The session expires when the user closes the browser.

Test Cases for Web Application Cookies Testing

  1. Cookie Creation:

    • Verify that cookies are created and stored correctly when a user logs in or performs an action that requires data to be stored on the client.
    • Verify that the cookie name and value are correct and that the cookie attributes (e.g., expiration date, domain name, path) are set correctly.
    • Verify that cookies are enabled by default in the browser.
    • Verify that cookies are being used to store user preferences such as language, font size, etc.
  2. Cookie Security:

    • Verify that cookies do not store sensitive information (e.g., user authentication data, credit card information).
    • Verify that cookies are encrypted or compressed to prevent unauthorized access to cookie data.
    • Verify that cookies are being correctly used to prevent session hijacking attacks.
    • Verify that cookies are being correctly used to prevent CSRF (Cross-Site Request Forgery) attacks.
  3. Cookie Manipulation:

    • Verify that cookies cannot be accessed by other websites or unauthorized users.
    • Verify that cookies are not being overwritten by other cookies with the same name or conflicting attributes.
  4. Cookie Compatibility:

    • Make sure cookies work correctly on different devices (e.g., desktop, mobile, tablet).
    • Verify that cookies work correctly with different operating systems (e.g., Windows, Mac, Linux).
    • Verify that cookies work correctly across different web browsers (e.g., Chrome, Firefox, Safari, Internet Explorer).
  5. Cookie Expiration:

    • Verify that expired cookies are deleted on the client and not sent to the server.
    • Verify that cookies expire after a specified expiration date or when the user logs out.
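
The attribute checks from "How to Test Cookies on The Website?" (steps 3 and 6) and the Cookie Creation, Cookie Security and Cookie Expiration test cases above can be automated against the Set-Cookie headers an application returns. The following is an added example, not code from the original article: the `sessionid` cookie name and the sample headers are constructed assumptions, and the SameSite check is included as the cookie attribute that relates to the CSRF test case.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def lifetime(attrs, now):
    """Classify as 'session', 'persistent' or 'expired'. Max-Age overrides Expires."""
    if "max-age" in attrs:
        expiry = now + timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        expiry = parsedate_to_datetime(attrs["expires"])
    else:
        return "session"  # no expiry attribute: dropped when the browser session ends
    return "persistent" if expiry > now else "expired"

def audit(header, now, sensitive=("sessionid",)):
    """Return the cookie's name, lifetime class and missing protections."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if name in sensitive:  # assumption: these cookie names carry session state
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append("missing " + flag)
    return {"name": name, "lifetime": lifetime(attrs, now), "findings": findings}

# Constructed sample headers (not captured from a real site).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLES = [
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # well-formed login cookie
    "sessionid=abc123; Path=/",                                  # no protections set
    "lang=en; Path=/; Max-Age=2592000",                          # persistent preference
    "sessionid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(audit(header, NOW))
```

The last sample is the shape a logout response should have: the same cookie name with an expiry in the past, which the audit classifies as expired.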

Conclusion

  • Cookies testing is important to ensure the correct use of cookies on the website.
  • A cookie test helps ensure that cookies are correctly set, downloaded, and deleted.
  • Cookies testing helps ensure that no sensitive information is stored in cookies and that cookies are used to prevent attacks such as CSRF and session hijacking.
  • A well-thought-out testing strategy is important when testing cookies and testing should be done using different browsers, devices, and scenarios.
  • Cookie testing helps identify and resolve issues that may affect user experience, user privacy, or website security.