In today’s article we are talking about Website Cookie Testing. In the modern Web Testing use of Cookie is most common thing to do. We will first concentrate on what exactly the Cookie is and how they are working in web application testing. Also we will see how to testing cookies, it advantages and disadvantages of Cookies in Website testing.
What is Cookie?
How Cookies works in web applications?
When user access the web application in the browser then application saves the cookie used by web browsers. If such cookie value exists then the server consider the request to be authenticated. The browser use same cookie unless and until cookie is get expires.
Following test cases for Website Cookie testing should be considered while testing web applications:
- Cookies stored by one website should not be accessible by other websites.
- The cookies stores at different locations for different browsers. Check if your website is properly storing cookies on different browsers (as per your list of browsers specified in the requirement) and same cookies should be used properly.
- Consider a scenario where user try to login into account using Username and password and the cookies are used to maintain logging state of any user. Many times it has been observed that the username or userid is passed in the query string (in the URL as parameter). So here we can change the query string parameter to different username and press enter key. In this case user should not be login into other users account and proper error message should be presented to user.
- Check if no personal or sensitive data should be stored in the cookie like Credit card number, login credentials. And if no other option to store sensitive information then makes sure that data is stored in the encrypted format.
- Check the behaviour of application by deleting the cookies. First access the website and login to website using valid credentials so that site will write in cookies and then close the browser. Now manually delete the cookie file.
- Go to Tools > Option
- Go to Privacy tab
- Under History section, select Firefox will dropdown option to “Use custom settings for history”.
- Select “Accept cookies from sites” checkbox
- Select Keep until dropdown option to “ask me every time”.
- Click on OK button.
Once you done with the settings and if try to access the website and if website try to store the information in cookie the new window will open and ask you to Allow or Deny the cookie writing. In this way you came to if overuse of cookie in website application.
Consider a scenario where website is accepting 20 cookies. So while executing this particular test case you should accept 10 cookies and reject 10 cookies and check if the behavior of web application under test.
- It might be possible of deleting the cookies written by domain while accessing the different pages of same website. Such cases are occurred where ‘action tracking’ is required in website like the online purchase websites. In such portal when one action is triggered like add to cart action then to track these action cookies needs to be updated (existing deleted and write new information) and store the information about the current actions. Here you need to test the whether the existing cookies are deleted properly and new information is written in cookie.
- Sometime by disabling cookies websites does not behave properly. Check if website functionality by disabling the cookies. Sometimes the website will crash or perform weirdly. Before executing you should make sure that all browsers are closed and existing cookies are deleted properly. There should not be any page crash due to disabling the cookies and user should able to access the website without crash or data corruption. In addition, the proper error message should be presented to user like “To perform smooth processing please make sure that Cookies are enabled” etc.
- Check the behaviour of web application by manually corrupting the cookies. Each browser stores cookie at particular location. You need close all browsers and edit the cookie file in notepad and manually change the parameters to some other values like cookie expiry date, cookie content, cookie name etc. Here you need to check if an alert message should be displayed to user and user should not be able to access other users account.
Advantages of Cookies in Website testing:
- Implementation of cookie is easy.
- Cookies stored on the client’s machine, as a result if do not require any server resources.
- Different types of Cookies can be used based on our requirements like Session Cookies can be used when cookies need to expires when browser is closed and Persistent Cookies can be used when cookies are used for the specified amount of time on client computer.
Disadvantages of Cookies in Website testing:
- Users can delete cookies which might be loss of information stored in the cookies.
- Loss of site traffic:
Sometimes the website functionality will not work as intended when the cookie is disabled which results in loss of website traffic.
- Sensitive information:
Sometimes website stores the sensitive information in cookie with plain text and it might leads to security loopholes if anyone open and tamper with cookies.
- The accepting and rejecting of cookies is totally depends on the Users browser setting, so your web application should anticipate that possibility.
Over to you: In Website Cookies Testing article we have seen all most important test cases which need to be executed while testing Website Cookies. You can write down more interesting test cases by combination of above test cases. Feel free to share test case in comments below if you think or used in your project.