What is a Cookie?
A cookie is a small text file that the browser stores on your hard disk and that the website can use when you access it again later. Many web applications use cookies. Generally, cookies are used to store information like email addresses, passwords, session tokens, etc. For some sites, cookies are essential to the website’s functioning, so cookie testing is a common task for testers of web applications.
How Does a Cookie Work in Web Applications?
When the user accesses the web application in the browser, the application saves a cookie in the web browser, and the browser sends it back with later requests. If such a cookie value exists, the server considers the request authenticated. The browser uses the same cookie until it expires.
The following test cases for website cookie testing should be considered while testing web applications:
- Cookies stored on one website should not be accessible by other websites.
- Cookies are stored at different locations for different browsers. Check that your website stores cookies appropriately on each browser (per the list of browsers specified in the requirement) and that the stored cookies are used properly.
- Consider a scenario where the user logs in to the account using a username and password, and cookies are used to maintain the user's logged-in state. It has often been observed that the username or user ID is passed in the query string (in the URL as a parameter). Here, we can change the query string parameter to a different username and press the Enter key. In this case, the user should not be logged into another user’s account, and a proper error message should be presented to the user.
- Check that no personal or sensitive data, like a credit card number or login credentials, is stored in the cookie. If there is no other option than to store confidential information, make sure that the data is stored in an encrypted format.
- Check the behavior of the application after deleting the cookies. First, access the website and log in using valid credentials so that the site writes its cookies, and then close the browser. Now, manually delete the cookie file.
- Ensure that there is no overuse of cookies in your website application. Some browsers alert the user when a site uses cookies, which annoys users and results in loss of traffic and business. Now, the question is how to test this overuse of cookies. In the Firefox browser, you can check this by following these simple steps:
  1. Go to Tools > Options.
  2. Go to the Privacy tab.
  3. Under the History section, set the “Firefox will” drop-down to “Use custom settings for history”.
  4. Select the “Accept cookies from sites” checkbox.
  5. Set the “Keep until” drop-down to “Ask Me Every Time”.
  6. Click on the OK button.

  Once you are done with the settings, try to access the website. If the website tries to store information in a cookie, a new window will open and ask you to Allow or Deny the cookie writing. In this way, you can find out about the overuse of cookies in the website application.
- Consider a scenario where the Provigil drug website is accepting 20 cookies. While executing this particular test case, you should accept ten cookies and reject ten cookies and check the behavior of the web application under test.
- Test the cookies written by the domain while accessing the different pages of the same website. Some websites, like online purchase websites, require ‘action tracking’. In such a portal, when an action like add to cart is triggered, the cookies need to be updated (existing information deleted and new information written) to store information about the current actions. Here, you need to test whether the existing cookies are deleted properly and the new information is written in the cookie.
- Sometimes, disabling cookies causes websites to behave improperly. Check how website functionality is affected by disabling the cookies.
- With cookies disabled, the website will sometimes crash or perform weirdly. Before executing this test, ensure all browsers are closed and existing cookies are appropriately deleted. There should not be any page crashes due to disabling the cookies, and users should be able to access the website without a crash or data corruption. Also, a proper error message should be presented to the user, like “To perform smooth processing, please ensure that Cookies are enabled,” etc.
- Check the behavior of the web application after manually corrupting the cookies. Each browser stores cookies at a particular location. You need to close all browsers, edit the cookie file in Notepad, and manually change parameters such as the cookie expiry date, cookie content, cookie name, etc. to other values. Here, you need to check that an alert message is displayed to the user and that the user cannot access other users’ accounts.
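
What the corruption test case should observe when it passes, shown as an added example that is not part of the original article: a server that signs its cookie rejects every manual edit of content or expiry. The `user|expires|signature` cookie format, the key and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client


def issue_cookie(user_id: str, expires: int, key: bytes = SECRET) -> str:
    """Build 'user_id|expires|signature' (hypothetical cookie format)."""
    payload = f"{user_id}|{expires}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_cookie(value: str, now: int, key: bytes = SECRET):
    """Return the user id for an intact, unexpired cookie, else None."""
    parts = value.split("|")
    if len(parts) != 3:
        return None
    user_id, expires, sig = parts
    expected = hmac.new(key, f"{user_id}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # content, expiry or signature was edited
    if not expires.isdigit() or int(expires) <= now:
        return None  # intact but past its expiry time
    return user_id


def run_corruption_cases(now: int = 1_700_000_000) -> dict:
    """Apply the manual edits from the test case and record the server's verdict."""
    good = issue_cookie("alice", now + 3600)
    user, expires, sig = good.split("|")
    cases = {
        "untouched": good,
        "content changed to another user": f"bob|{expires}|{sig}",
        "expiry pushed forward": f"{user}|{int(expires) + 86400}|{sig}",
        "signature truncated": good[:-4],
        "expired but intact": issue_cookie("alice", now - 1),
        "garbage": "not-a-cookie",
    }
    return {name: verify_cookie(value, now) for name, value in cases.items()}
```

Only the untouched cookie should map to a user; every other case returning `None` is the pass condition for this test.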
Advantages of Cookies in Website Testing
- The implementation of a cookie is easy.
- Cookies are stored on the client’s machine, so they do not require server resources.
- Different types of cookies can be used based on our requirements. Session cookies can be used when the cookies need to expire when the browser closes, and persistent cookies can be used when the cookies need to stay on the client’s computer for a specified amount of time.
Disadvantages of Cookies in Website Testing
- Users can delete cookies, which might result in the loss of information stored in the cookies.
- Loss of site traffic: Sometimes, the website functionality will not work as intended when the cookie is disabled, resulting in website traffic loss.
- Overuse of cookies: Some browsers alert the user when a site uses cookies. If the website application under test uses too many cookies and the user’s browser is set to ask before writing each cookie, this will annoy users, which results in loss of traffic and loss of business.
- Sensitive information: Sometimes, a website stores confidential information in the cookie in plain text, which might lead to security loopholes if anyone opens and tampers with the cookies.
- Accepting and rejecting cookies depends on the User’s browser setting, so your web application should anticipate that possibility.
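
The sensitive-data test case and the session/persistent distinction above can be checked together from the `Set-Cookie` headers a site returns. This is an added example, not code from the original article; the sample headers are constructed, and the name patterns and function names are assumptions.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from a real site).
SAMPLE_SET_COOKIE = [
    "sid=9f2c1e7ab4; Path=/; HttpOnly; Secure",
    "remember=tok_5d81; Max-Age=2592000; Path=/",
    "card=4111111111111111; Max-Age=3600",
    "password=hunter2; Path=/",
    "contact=alice@example.com; Max-Age=86400",
]

SENSITIVE_NAMES = re.compile(r"pass(word|wd)?|pwd|card|cvv|ssn", re.I)
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit(set_cookie_headers):
    """Return {cookie name: (lifetime, [findings])} for each header."""
    report = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # No Max-Age and no Expires means the cookie ends with the browser session.
            lifetime = "persistent" if morsel["max-age"] or morsel["expires"] else "session"
            findings = []
            if SENSITIVE_NAMES.search(name):
                findings.append("sensitive-looking name")
            if any(luhn_ok(m) for m in re.findall(r"\d{13,19}", morsel.value)):
                findings.append("card number in plain text")
            if EMAIL.search(morsel.value):
                findings.append("email address in plain text")
            report[name] = (lifetime, findings)
    return report
```

Any cookie with a non-empty findings list is a candidate for the "store it encrypted or not at all" check, and persistent cookies deserve the closer look because they outlive the browser session.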
You can develop more test scenarios and add more test cases to the above list. I suggest creating a spreadsheet and coming up with as many cookie testing scenarios as you can that apply to your web application.
You may also want to check the cookie policies that apply in the EU and under the US FTC, as they will give you enough information about what needs to be tested. The compliance information about cookies can be used in various ways, like setting up your privacy policies and denying advertisers’ manipulation, etc.
I hope the information in this article on Cookie Testing helped. If you have any suggestions for improvements to this article, feel free to leave them in the comment section.