
What is Cookie Testing and test cases for Website Cookie Testing?

In today’s article we are talking about website cookie testing. In modern web testing, dealing with cookies is one of the most common tasks. We will first concentrate on what exactly a cookie is and how cookies work in web applications. We will also see how to test cookies, and the advantages and disadvantages of cookies in website testing.


What is a Cookie?

A cookie is a text file stored by the browser on your hard disk, which can be used when accessing the website later. Many web applications make use of cookies. Generally, cookies are files used to store information such as email addresses, passwords, session tokens, etc. For some sites, cookies are a primary necessity for the website to function, so cookie testing is a common task for a tester while testing web applications.


How do Cookies work in web applications?

When a user accesses the web application in the browser, the application sets a cookie, which the browser saves and uses. If such a cookie value exists, the server considers the request to be authenticated. The browser uses the same cookie until the cookie expires.


Cookie Testing


The following test cases for website cookie testing should be considered while testing web applications:

  1. Cookies stored by one website should not be accessible by other websites.
  2. Cookies are stored at different locations by different browsers. Check that your website stores cookies properly on each browser (as per the list of browsers specified in the requirement) and that the same cookies are used properly.
  3. Consider a scenario where a user tries to log in to an account using a username and password, and cookies are used to maintain the logged-in state of the user. It has often been observed that the username or user ID is passed in the query string (in the URL as a parameter). Here we can change the query string parameter to a different username and press the Enter key. In this case the user should not be logged in to the other user's account, and a proper error message should be presented to the user.
  4. Check that no personal or sensitive data, such as credit card numbers or login credentials, is stored in the cookie. If there is no other option than to store sensitive information, make sure that the data is stored in encrypted format.
  5. Check the behaviour of the application after deleting the cookies. First access the website and log in using valid credentials so that the site writes its cookies, then close the browser. Now manually delete the cookie file.
  6. Ensure that your website does not overuse cookies. Some browsers give alerts on excessive use of cookies, and this annoys users, which results in loss of traffic and loss of business. The question is how to test for this overuse of cookies. In the Firefox browser you can check it with the following simple steps:
    • Go to Tools > Options
    • Go to the Privacy tab
    • Under the History section, set the “Firefox will” dropdown to “Use custom settings for history”.
    • Select the “Accept cookies from sites” checkbox
    • Set the “Keep until” dropdown to “ask me every time”.
    • Click the OK button.

    Once you are done with the settings, try to access the website. If the website tries to store information in a cookie, a new window will open and ask you to Allow or Deny the cookie write. In this way you will come to know whether the website overuses cookies.
    Consider a scenario where the website uses 20 cookies. While executing this test case, you should accept 10 cookies and reject 10 cookies, and check the behavior of the web application under test.

  7. Cookies written by a domain may be deleted while accessing different pages of the same website. Such cases occur where ‘action tracking’ is required, as on online purchase websites. In such a portal, when an action such as add to cart is triggered, the cookie needs to be updated to track it (the existing one deleted and new information written) so that it stores information about the current actions. Here you need to test whether the existing cookies are deleted properly and the new information is written to the cookie.
  8. Sometimes websites do not behave properly when cookies are disabled. Check the website functionality with cookies disabled. Sometimes the website will crash or behave weirdly. Before executing, make sure that all browsers are closed and existing cookies are deleted properly. There should not be any page crash due to disabling cookies, and the user should be able to access the website without a crash or data corruption. In addition, a proper error message should be presented to the user, like “To perform smooth processing please make sure that Cookies are enabled” etc.
  9. Check the behaviour of the web application after manually corrupting the cookies. Each browser stores cookies at a particular location. You need to close all browsers, edit the cookie file in Notepad, and manually change parameters such as cookie expiry date, cookie content, cookie name, etc. to some other values. Here you need to check that an alert message is displayed to the user and that the user is not able to access other users' accounts.
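
Test cases 3 and 9 only pass if the server can detect an edited cookie. The following Python is an added example, not code from the original article: it assumes a hypothetical cookie format `user|expiry|HMAC-SHA256` with a constructed key, applies the manual edits described above, and records which cookies the server would accept.

```python
import hashlib
import hmac

# Hypothetical cookie format for this example: "<user>|<expiry-unix>|<hex HMAC-SHA256>"
SECRET_KEY = b"constructed-demo-key"  # constructed value; a real key stays server-side


def issue_cookie(user: str, expires_at: int, key: bytes = SECRET_KEY) -> str:
    """Server side: bind the user name and expiry together under one MAC."""
    payload = f"{user}|{expires_at}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cookie(cookie: str, now: int, key: bytes = SECRET_KEY):
    """Return the user name for a genuine, unexpired cookie, otherwise None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None  # malformed or truncated cookie
    user, expires_raw, tag = parts
    expected = hmac.new(key, f"{user}|{expires_raw}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # any edited field invalidates the MAC
    if not expires_raw.isdecimal() or int(expires_raw) <= now:
        return None  # cookie has expired
    return user


def run_tamper_cases(now: int = 1_700_000_000) -> dict:
    """Apply the manual edits from test case 9 and record what the server accepts."""
    good = issue_cookie("alice", now + 3600)
    user, expiry, tag = good.split("|")
    cases = {
        "untouched": good,
        "user_swapped": f"bob|{expiry}|{tag}",
        "expiry_extended": f"{user}|{now + 10**6}|{tag}",
        "content_corrupted": good[:-1] + ("0" if good[-1] != "0" else "1"),
        "truncated": f"{user}|{expiry}",
        "expired": issue_cookie("alice", now - 1),
    }
    return {name: verify_cookie(value, now) for name, value in cases.items()}


if __name__ == "__main__":
    for name, result in run_tamper_cases().items():
        print(f"{name:18} -> {result}")
```

Only the untouched cookie should resolve to a user; every edited or expired variant should come back as `None`, which is the point at which the application shows its error message.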


Advantages of Cookies in Website testing:

  1. Implementing cookies is easy.
  2. Cookies are stored on the client’s machine; as a result they do not require any server resources.
  3. Different types of cookies can be used based on our requirements: Session Cookies can be used when cookies need to expire when the browser is closed, and Persistent Cookies can be used when cookies are to be kept for a specified amount of time on the client computer.


Disadvantages of Cookies in Website testing:

  1. Users can delete cookies, which may cause loss of the information stored in them.
  2. Loss of site traffic:
    Sometimes the website functionality will not work as intended when cookies are disabled, which results in loss of website traffic.
  3. Overuse of cookies:
    Some browsers give alerts on excessive use of cookies. If the web application under test uses too many cookies and the user's browser cookie setting is set to ask the user before writing a cookie, this will annoy users, which results in loss of traffic and loss of business.
  4. Sensitive information:
    Sometimes a website stores sensitive information in a cookie in plain text, which might lead to security loopholes if anyone opens and tampers with the cookies.
  5. Accepting or rejecting cookies depends entirely on the user's browser settings, so your web application should anticipate that possibility.
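
For test case 4 and the sensitive-information disadvantage above, a check like the following can be run over the `Set-Cookie` headers a site returns. It is an added example, not code from the original article; the header strings, cookie names and patterns are constructed for illustration, and it also inspects URL-decoded and base64-decoded values because encoding is not encryption.

```python
import base64
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")      # 13-19 digits, optional separators
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SECRET_NAME_RE = re.compile(r"pass|pwd|secret", re.I)  # heuristic check on the cookie name


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def decoded_views(value: str):
    """Yield the raw value plus its URL-decoded and base64-decoded forms."""
    yield value
    yield unquote(value)
    try:
        yield base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass  # not base64-encoded text; nothing more to inspect


def audit_set_cookie(header_value: str) -> list:
    """Return sorted (cookie name, finding) pairs for one Set-Cookie header value."""
    findings = set()
    jar = SimpleCookie()
    jar.load(header_value)
    for name, morsel in jar.items():
        if SECRET_NAME_RE.search(name):
            findings.add((name, "credential-like cookie name"))
        for text in decoded_views(morsel.value):
            if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
                findings.add((name, "card number"))
            if EMAIL_RE.search(text):
                findings.add((name, "email address"))
    return sorted(findings)


# Constructed sample headers, not captured from any real site.
SAMPLE_CARD = "cc=4111111111111111; Path=/"
SAMPLE_SESSION = "SESSIONID=k3Jx9QpLm2Tz; Path=/; HttpOnly"
SAMPLE_B64 = "prefs=" + base64.b64encode(b"user=alice@example.test").decode()
```

An empty result for a header means none of these patterns matched; it does not prove the value is encrypted, so opaque values still need a manual look.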



Over to you: In this Website Cookie Testing article we have seen the most important test cases that need to be executed while testing website cookies. You can write more interesting test cases by combining the above test cases. Feel free to share test cases in the comments below if you have thought of or used any in your project.

7 comments to What is Cookie Testing and test cases for Website Cookie Testing?

  • Suman Bhatiya

    Thank you, hope you enjoyed reading it!!!

  • Rushi

    great post… minute basic facts explained so nicely

  • Anvay

    Nice article. Clearly explaining the reality.

  • Dhanshri

    Very nice, Thank You for giving such a good article on Cookie testing!!!

  • Komal

    Really this article is very much helpful. I was not at all aware of Cookie Testing

  • Sajel

    Hey thanks for sharing the article on “What is Cookie testing?”, can you please share some application where we can test the cookie testing.

  • Kannan

    Good article. It gives me some clear information about cookies and testing application with cookies. Thank you.
