What is Cookie Testing?

The following points should be considered when testing cookies:

1) Cookies written by one website should not be accessible by another website.

2) Log in, with some credentials, to a website that uses cookies to maintain the login state of a user. Many times you will observe the userID parameter of the logged-in user in the browser address bar. Change this parameter to a different value, for example use 200 as the user ID in place of 100, and press Enter. The user should not be able to enter another user's account, and a proper validation message should be shown.

3) We need to check that our web application pages write cookies properly on different browsers (as specified in the requirements) and that the application works properly when using them. We should always check our web application on the most widely used browsers, such as IE, Firefox, etc.

4) We have to make sure that ‘No personal or sensitive data should be stored in the cookie’. For example, a credit card number should not be stored in cookies, not even in encrypted form.

5) We can also check the behavior of pages by deleting cookies. For example, allow the site to write cookies and then close all browsers. Now manually delete all cookies for the web site under test.

6) We have to make sure that there is no overuse of cookies on the site under test. Prompting for cookies too often will annoy users, and this could also increase site traffic.

7) Sometimes cookies are deleted within the same domain to which they were written, but by different pages. This mostly happens in ‘action tracking’ or purchase tracking web portals. In these portals, when the user performs an action or makes a purchase, the written cookies are deleted from disk in order to avoid logging multiple actions from the same cookie. Here we need to check that the cookie is deleted properly and that no more invalid actions or purchases are logged from the same user.

8) If cookies are used on the site under test, major functionality of the application will not work when cookies are disabled. Before performing this test, we have to make sure that all browsers are closed and previously written cookies are deleted. We should test that the application shows appropriate messages in this condition, e.g. "Please enable cookies for smooth functioning of this site". There might also be page crashes.

9) All sensitive data should be stored in encrypted format inside the cookie.

10) Suppose 20 cookies are written by a web application. The best way to check web site functionality is not to accept all of the cookies: say, accept 10 cookies and reject 10. To execute this test case, we must set the browser options to prompt whenever a cookie is being written to disk. We can then accept or reject each cookie in the prompt window. In this way we check the major functionality of the web application and whether data is getting corrupted, pages are crashing, etc.

11) We can also check site functionality and behavior by corrupting the cookie parameters. This is easy, as we know where cookies are stored. We can edit the cookie in Notepad and change its parameters to some arbitrary data, for example by altering the cookie content, name or expiry date. Sometimes a corrupted cookie even allows the data inside it to be read by another domain; this should not happen with the website's cookies.

These are some major test cases to be considered while testing website cookies. We can derive multiple test cases from them by performing various combinations.
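The checks in points 1 and 4 can be automated against the Set-Cookie headers a site returns. The following Python sketch is an added example, not part of the original post: the function names, the host shop.example.com and the sample headers are all constructed for illustration. It flags cookie values that contain a card-like number (Luhn-valid, 13 to 19 digits) and Domain attributes that do not match the host that set the cookie.

```python
import re
from urllib.parse import unquote

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    # Cookie values are often URL-encoded, so decode before inspecting them.
    return name.strip(), unquote(value.strip().strip('"')), attrs

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def audit_cookie(header, host):
    """Return a list of findings for one Set-Cookie header sent by `host`."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    for m in CARD_RE.finditer(value):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(f"{name}: value contains a card-like number")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and not (host == domain or host.endswith("." + domain)):
        findings.append(f"{name}: Domain={domain} does not match {host}")
    return findings

# Constructed sample headers (4111 1111 1111 1111 is a well-known test number).
SAMPLES = [
    "session=8f2c1a9be0; Path=/; Secure; HttpOnly",
    "cc=4111%201111%201111%201111; Path=/checkout",
    "track=abc123; Domain=other-site.example; Path=/",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", audit_cookie(h, "shop.example.com") or "ok")
```

A Luhn match is only an indicator: long numeric identifiers can pass the checksum by chance, so each finding still needs a manual look.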


Written By: Pooja Gupta, QA Engineer, Mindfire Solutions


Posted on April 7, 2014, in Manual Testing, Security Testing.