Cookie Testing

A cookie is a small piece of information stored on the user’s machine in a text file. Browsers use the information stored in cookies to retrieve information from that machine. A cookie contains personalized user data that websites use to deliver appropriate content. Cookies act as unique identifiers and help a site remember a particular user.

Use of cookies

Cookies are used to store the user’s identity and to track the history of the user’s navigation throughout the website.

Websites use cookies to:

  • Determine how many unique users visited the website, since a cookie can be set with a unique ID for each visitor.
  • Store user preferences, e.g. some sites store the user’s location to deliver localized content on the next visit.
  • Implement features such as shopping carts and checkout options on e-commerce sites.

Online advertising agencies use cookies to show customized ads based on the user’s browsing history.


How do cookies work?

HTTP is the protocol used to exchange information files on the web. There are two types of HTTP protocol: stateless HTTP and stateful HTTP.

I – Stateless System –

A stateless system has no record of previous interactions. Each request has to be handled entirely on the basis of the information that comes with it. Once the browser receives the last byte of information over HTTP, the web server forgets about the request data. Subsequent requests are executed without any memory of earlier requests.

II –  Stateful System –

Stateful HTTP protocols keep some history of previous interactions between the web browser and the web server, and cookies use this protocol to maintain the user’s interactions. Whenever a user visits a site or page that uses cookies, a small piece of code inside that HTML page writes a text file, called a cookie, on the user’s machine. When the user visits the same page or domain at a later time, this cookie is read from disk and used to identify the second visit of the same user to that domain. The expiration time is set when the cookie is written and is decided by the application that is going to use the cookie.

Types of cookies

Session cookies – A session cookie is active as long as the browser that invoked it is open. When we close the browser, the session cookie is deleted. Sometimes a session duration of, say, 20 minutes can be set, after which the cookie expires. Session cookies enable the website you are visiting to keep track of your movement from page to page, so you don’t get asked for information you’ve already given to the site.

Persistent cookies – These cookies are written permanently on the user’s machine and last for months or years. Persistent cookies help websites remember your information and settings when you visit them in the future. This results in faster and more convenient access. Website features made possible by persistent cookies include language selection, theme selection, menu preferences, and internal site bookmarks or favorites.

Test cases for cookie testing:

Disabling cookies – Most sites use cookies for their functioning, so after cookies are disabled most functions in the application would stop working. In that scenario the application should show an appropriate warning message asking the user to enable cookies, and the pages should not crash.

Selectively rejecting cookies – An application writes a number of cookies to the hard disk. These cookies can be selectively accepted or rejected by setting the browser options to prompt whenever a cookie is being written to disk. In that scenario the application should not crash.

Delete the cookie – Allow a site to write its cookies, then close all browsers and manually delete all cookies for the website under test. Access the web pages and check the behavior of the pages.

Overuse of cookies – Some sites may use too many cookies. Overuse of cookies will annoy users if the browser prompts for cookies too often, and this could result in a loss of site traffic and eventually a loss of business. This test can be performed by setting the browser options to prompt whenever a cookie is being written to disk.

Corrupting the cookies – Cookies are stored on the hard drive at the user’s end, so they can easily be opened in Notepad and their parameters changed to some vague values, e.g. change the content of the cookie or change the name of the cookie, and then perform some actions on the website. In some cases, corrupted cookies allow the data inside them to be read by another domain. This should not happen: cookies of one domain should not be accessible by other domains.

Cookies encryption – Some websites store sensitive data in cookies. In this case the cookies need to be tested to see whether the data is saved in encrypted format.

Multi browser testing – Applications need to be tested to see whether a page writes the cookies properly on different browsers and whether the website works properly using these stored cookies. This test can be performed on major browsers such as Internet Explorer, Mozilla Firefox, Netscape, Opera etc.

Checking the deletion of cookies from your web application page –

Sometimes a cookie written by a domain, say rediff.com, may be deleted by the same domain but from a different page under that domain. This is the general case if you are testing an ‘action tracking’ web portal. An action tracking or purchase tracking pixel is placed on the action web page, and when the user performs any action or purchase, the cookie written on disk is deleted to avoid multiple actions being logged from the same cookie. Check that reaching your action or purchase page deletes the cookie properly and that no more invalid actions or purchases are logged from the same user.
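
Some of the checks above can be automated. The following is an added example, not code from the original post: it parses Set-Cookie headers, classifies each cookie as session or persistent, flags values that expose sensitive data as sent or after URL or Base64 decoding (the cookies encryption test), and counts cookies against a limit (the overuse test). The sample headers, the sensitive-data patterns and the `max_cookies` limit are constructed assumptions.

```python
import base64
import re
from urllib.parse import unquote

# Constructed Set-Cookie headers standing in for a site under test.
SAMPLE_HEADERS = [
    "SESSIONID=9f2c7a1e5b; Path=/; HttpOnly",
    "lang=en-US; Max-Age=31536000; Path=/",
    "profile=" + base64.b64encode(b"user=alice@example.com&role=admin").decode()
    + "; Expires=Wed, 13 Jun 2029 10:00:00 GMT",
    "cart=sku123%2Csku456; Path=/shop",
]

# Assumed patterns for data that should not be readable in a cookie value.
SENSITIVE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+|passw(or)?d|role=|\b\d{13,16}\b", re.I)

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def readable_forms(value):
    """Return the value as sent, URL-decoded, and Base64-decoded when valid."""
    forms = [value, unquote(value)]
    try:
        padded = value + "=" * (-len(value) % 4)
        forms.append(base64.b64decode(padded, validate=True).decode("utf-8"))
    except ValueError:
        pass  # binascii.Error / UnicodeDecodeError: not Base64-encoded text
    return forms

def audit(headers, max_cookies=3):
    """Classify each cookie and collect findings for the test report."""
    report, findings = {}, []
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        persistent = "expires" in attrs or "max-age" in attrs
        report[name] = "persistent" if persistent else "session"
        if any(SENSITIVE.search(form) for form in readable_forms(value)):
            findings.append(f"{name}: readable sensitive data in value")
    if len(headers) > max_cookies:
        findings.append(f"{len(headers)} cookies set (limit {max_cookies})")
    return report, findings
```

Calling `audit(SAMPLE_HEADERS)` reports the `profile` cookie, whose value looks opaque but is only Base64-encoded, and the cookie count. A value that passes this check is not proven to be encrypted; the check only catches data that is readable without a key.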

 

Written By: – Pranaya Ranjan Sahoo, QA Engineer, Mindfire Solutions

Posted on June 13, 2014, in Agile Testing, Manual Testing, Web Security Testing.