Website Cookie Testing

In this Cookie Testing Tutorial, we will see what is a cookie, what is the role of cookies in web application and how to write test cases to test web application cookies. As a Software Tester, we need to test cookies whenever we test websites. In this tutorial, we will see some tools to test cookies and tools to test whether your local system is accepting cookies or not and also a tool to test whether any particular domain is accepting cookies or not.

  • 1. What is a Cookie
  • 2. How do Cookies work
  • 3. Types of Cookies
  • 4. Where Are Cookies Stored In Different Browsers
  • 5. Cookie Testing
  • 6. How to test Cookies – Sample Test Cases for Web Application Cookie Testing
  • 7. Plugins To Test Cookies

What is a Cookie?

A Cookie is also known as HTTP cookie, web cookie, internet cookie, browser cookie.

A Cookie is a small piece of information sent from a website and stored on the users in the users hard drive (in a text file) by the user’s web browser while the user is browsing and is sent back to the website each time the browser requests a page from the website. Cookies were designed to track the users browsing activities such as login credentials, visited pages or to store stateful information such as items added in the shopping cart in an online store or to record the information which was filled by the user in the form fields such as name, card details, address details etc., So it stores personalized information such as login details, language preference, mobile version or desktop version preference etc., Usually cookies store information for shorter periods. Cookies are used while implementing User sessions, User tracking, Advertisements, Shopping cart etc.,

How do Cookies work?

Assume there is a website which serves in two languages say English and Burmese. The website by default opens in the Burmese language and it allows users to change the language to English to view the site in English. You are an English guy who wants to view the website always in English. If the website serves cookies to store language then once you change the language from Burmese to English then whenever you are back to the site, the site will load in English. Here cookies in your local system communicate with the web server and requests webpage in the English language. So the web pages on your browser will load in English.

Remember there will be an expiration time for cookies. Expiration time varies from website to website and it is set while writing the cookie code.

Cookies contain the attributes such as Domain name (from where the cookie was sent), a random value (which is a unique number), a lifetime of Cookie (Expires and Max-Age), and path of the cookie.

Types of Cookies:

Usually, there are two types of cookies.

Session Cookies:

As the name suggests, session cookies work until the session has been destroyed. This type of cookie will last until the browser that triggers the cookie is closed.

It is also called as an in-memory cookie or transient cookie. Session cookies do not have an expiration date assigned to them.

In simple words, it stores in a temporary memory which expires once you close your browser.

Persistent Cookies:

Persistent cookies continue to exist until its time runs out. These cookies store in users hard disk for days, months or years depends on the cookie creator. These cookies will be used to track the users browsing activities. These are also called as tracking cookies which are used for legitimate purposes such as keeping you logged into the account without re-entering your account details or displaying the advertisements based on users previous browsing history.

Where Are Cookies Stored In Different Browsers?

Cookies are stored in Users system depends on the browser.

Chrome: Settings – Advanced – Privacy and security – Content Settings – Cookies – See all cookies and site data

Firefox: Open Firefox and click on Hamburger menu – Go to Options – Privacy – Remove individual cookies

Internet Explorer: Internet options – Settings – Temporary Internet Files – View files

Safari: Edit – Preferences – Privacy – Details – Manage website data

Cookie Testing:

Cookie Testing is the process of verifying whether the cookies are working as intended or not. In cookie testing, testers need to test the status of the cookie, expiration of cookie, accessibility of cookie, security constraints, etc.,

How to test Cookies – Sample Test Cases for Web Application Cookie Testing:

Important Test Scenarios for Testing Cookies of a Web Applications are listed below. You can use this cookie testing checklist to do Cookie Testing.

  1. Verify that whether the application is creating cookies on disk
  2. Verify whether the user is able to access the application after disabling the cookies.
    Disabling Cookies: Web pages may crash if we disable the cookies. Disable cookies on your browser. Access the website after all the cookies are disabled on your browser. There shouldn’t be any crashers or blockers.
    Here you need to verify two things:
    i. Is there an appropriate message displaying to the Users to enable cookies to access the site
    ii. Is there any workaround to access the site for the browsers with cookies disabled.
  3. Verify whether the user is able to access the application after removing the cookies.
    Removing Cookies: Remove all the cookies related to the website you are testing and check whether the website is working without any crash. Removal of cookies may result in loss of data and leads to system crash.
  4. Verify whether the user is able to access the application after deleting the cookies.
    Deleting Cookies: Make sure your website is creating cookies. Once the cookie is created, close the browser and delete cookies manually. Now open the browser and navigate to the website and test the behavior of the website. Deleting the cookies may sometimes break the website.
  5. Verify whether the user is able to access the application after corrupting (by editing) the cookies
    Corrupting Cookies: Manually edit the cookie using any plugin. You can also open cookies using notepad. Earlier we have mentioned where cookies are stored. Change the values (such as expiry date of the cookie or name of the cookie) of the cookies with irrelevant data.
    Try to change the login credentials of a User in the cookie with another valid User and try to do login. System shouldn’t allow you to log in with the modified User details.
  6. Verify whether all the sensitive data (user credentials) stored in a cookie is in the form of encrypted or not. (Cookies Encryption)
  7. Verify whether the cookies are being written correctly on all supported browsers. (Cross Browser Testing)
    Learn More About Cross Browser Testing & CrossBrowserTesting Tool
  8. Verify that the user is able to access the site by not accepting all the cookies.
    Accept or Reject Cookies: Make sure your browser is writing cookies. Access the website and allow the browser to write cookies. Now disable the cookies and try to access the site. Doing this may crash your site.
  9. Verify that there should not be overuse of cookies.
    No Overuse of Cookies: Overuse of cookies bring the site traffic down. Also, prompting for cookies quite often irritates the Users. Ultimately your site will lose traffic. Loss of traffic brings your business down.
  10. Verify that no personal or sensitive data is stored in the cookie.
    Privacy testing: In some cases, websites collect personal or sensitive data and store it in cookies. Make sure that the personal or sensitive data stored in a cookie is in an encrypted format.

If you have come across any other test scenarios of website cookie testing, please mention it in the comments below.

Plugins To Test Cookies:

For Google Chrome Users:

EditThisCookie – Here is the download link

For Mozilla Firefox Users:

Mozilla Advanced Cookie Manager – Here is the download link

Some other tools to test the cookies

Cookie Tester – Here is the link to the site

This site is used to test your browser cookies related settings. You can request this site to send a cookie to your browser. If you’ve configured your browser to reject cookies, you can request this site to send a cookie to the browser and check if the cookie gets rejected. If you’ve configured your browser to accept cookies, you can use this page to make sure that the cookies are being sent and aren’t getting blocked.

  • Set the Cookie name and Value
  • Click on ‘Set TestCookie’

If you have disabled the cookies then the cookie should be rejected.

Cookie Checker – Here is the link to the site

This site checks the cookies from a site and gives a full report on the purpose of each cookie.


The purpose of a cookie is to identify users to save login information of a website or prepare customized web pages. Cookie saves the time of Users when they revisit the site. Cookie testing is quite common and important in terms of security and quick access to any web application. As a web application tester, you have to include cookie testing as a part of your test plan .

Like this post? Share it with your friends! If you have any queries, please comment below.

Here are a few hand-picked Tutorials for you to read next:

  • CrossBrowserTesting Tool – Review
  • GUI Testing with FrogLogic Squish
  • Learn Test Managment Tool – TestLodge
  • TestCaseLab – Test Case Management Tool
  • Running Selenium Tests with BrowserStack
  • Selenium Continuous Integration Testing
  • Why You Choose Software Testing As A Career
  • How To Explain Test Automation Framework In The Interview