What is a Cookie?
How Do Cookies Work in Web Applications?
When a user accesses the web application in a browser, the application sets a cookie that the browser saves. If that cookie value is present on a later request, the server considers the request to be authenticated. The browser keeps using the same cookie until it expires.
The following test cases for website cookie testing should be considered while testing web applications:
- Cookies stored on one website should not be accessible by other websites.
- Cookies are stored at different locations by different browsers. Check that your website stores cookies appropriately on each browser (as per the list of browsers specified in the requirements) and that those cookies are used properly.
- Consider a scenario where the user logs in to an account with a username and password, and cookies are used to maintain the login state. It is often observed that the username or user ID is passed in the query string (in the URL as a parameter). Here we can change the query string parameter to a different username and press the Enter key. In this case, the user should not be logged in to the other user’s account, and a proper error message should be presented to the user.
- Check that no personal or sensitive data, such as credit card numbers or login credentials, is stored in the cookie. If there is no other option than to store confidential information, make sure the data is stored in encrypted format.
- Check the behavior of the application after deleting the cookies. First, access the website and log in using valid credentials so that the site writes its cookies, and then close the browser. Now manually delete the cookie file.
Go to the Privacy tab.
Under the History section, set the “Firefox will” drop-down option to “Use custom settings for history”.
Select the “Accept cookies from sites” checkbox.
Set the “Keep until” drop-down option to “ask me every time”.
Click on the OK button. Once you are done with the settings, try to access the website; if the website stores information in a cookie, a new window will open and ask you to Allow or Deny the cookie write. In this way, you come to know whether the web application overuses cookies.
- Consider a scenario where a website is accepting 20 cookies. While executing this particular test case, you should accept ten cookies and reject ten cookies and check the behavior of the web application under test.
- A domain may delete the cookies it has written while the user accesses different pages of the same website. Such cases occur where ‘action tracking’ is required on the website, as on online purchase websites. In such a portal, when an action such as add to cart is triggered, the cookies need to be updated (the existing ones deleted and new information written) to store information about the current action. Here you need to test whether the existing cookies are deleted properly and the new information is written to the cookie.
- Sometimes websites do not behave properly when cookies are disabled. Check the website functionality with cookies disabled.
- Sometimes the website will crash or behave strangely. Before executing the test, make sure that all browsers are closed and existing cookies are properly deleted. There should not be any page crash due to disabling cookies, and users should be able to access the website without a crash or data corruption. Also, a proper error message should be presented to the user, like “To perform smooth processing, please make sure that Cookies are enabled”.
- Check the behavior of the web application after manually corrupting the cookies. Each browser stores cookies at a particular location. Close all browsers, open the cookie file in Notepad, and manually change parameters such as the cookie expiry date, cookie content, or cookie name to other values. Here you need to check that an alert message is displayed to the user and that the user is not able to access other users’ accounts.
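The corrupted-cookie and changed-username test cases above both expect the server to refuse client-edited identity data. The following added example (not code from the original article) shows one way a server can meet that expectation, assuming an HMAC-signed cookie; `SECRET_KEY`, `issue_cookie`, `verify_cookie` and `tamper` are hypothetical names, and the cookie values are constructed.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: secret known only to the server


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_cookie(user: str, ttl: int, now: int) -> str:
    """Build 'payload.signature'; the expiry is inside the signed payload."""
    payload = json.dumps({"user": user, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_cookie(cookie: str, now: int) -> Optional[str]:
    """Return the user for an intact, unexpired cookie; None for anything else."""
    try:
        payload_b64, sig_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # content or expiry was edited on the client
    data = json.loads(payload)
    return data["user"] if data["exp"] > now else None


def tamper(cookie: str, **changes) -> str:
    """What the tester does in the cookie file: edit fields, keep the old signature."""
    payload_b64, sig_b64 = cookie.split(".")
    data = json.loads(base64.urlsafe_b64decode(payload_b64))
    data.update(changes)
    return f"{_b64(json.dumps(data, sort_keys=True).encode())}.{sig_b64}"


if __name__ == "__main__":
    cookie = issue_cookie("alice", ttl=3600, now=1_000)
    print(verify_cookie(cookie, now=1_001))                          # alice
    print(verify_cookie(tamper(cookie, user="bob"), now=1_001))      # None
    print(verify_cookie(tamper(cookie, exp=10**10), now=5_000))      # None
```

The signature protects integrity only; the payload is still readable by the client, so it must not carry confidential data.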
Advantages of Cookies in Website testing
- The implementation of a cookie is easy.
- Cookies are stored on the client’s machine; as a result, they do not require any server resources.
- Different types of cookies can be used based on our requirements: Session Cookies can be used when cookies need to expire when the browser is closed, and Persistent Cookies can be used when cookies are kept for a specified amount of time on the client computer.
Disadvantages of Cookies in Website testing
- Users can delete cookies, which might cause the loss of the information stored in them.
- Loss of site traffic: Sometimes, the website functionality will not work as intended when the cookie is disabled, which results in loss of website traffic.
- Sensitive information: Sometimes a website stores confidential information in the cookie in plain text, and it might lead to security loopholes if anyone opens and tampers with the cookies.
- Accepting or rejecting cookies depends entirely on the user’s browser settings, so your web application should anticipate that possibility.
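The plain-text sensitive-data risk above, and the matching test case for credit card numbers and login credentials, can be checked automatically. This added example (not part of the original article) audits `Set-Cookie` header values; the header lines are constructed samples, and `audit_set_cookie` and the name heuristics are assumptions for illustration.

```python
import re
from http.cookies import SimpleCookie

# Assumption: naming heuristics for credential-bearing cookies.
CREDENTIAL_NAMES = re.compile(r"passw|pwd|secret", re.I)
# 13 to 19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

# Constructed Set-Cookie values, as captured from a test run of the site.
SAMPLE_HEADERS = [
    "sid=8f3a9c2e7b1d; Path=/",
    "cc=4111111111111111; Path=/",       # well-known test card number
    "user_password=hunter2; Path=/",
    "order=1234567890123456; Path=/",    # 16 digits, but not a card number
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def audit_set_cookie(headers):
    """Return (cookie name, reason) for each cookie that looks sensitive."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if CREDENTIAL_NAMES.search(name):
                findings.append((name, "credential-like cookie name"))
            for match in CARD_CANDIDATE.finditer(morsel.value):
                if luhn_ok(re.sub(r"\D", "", match.group())):
                    findings.append((name, "Luhn-valid card number in value"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{name}: {reason}")
```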
You can come up with more test scenarios and add more test cases to the above list. I suggest creating a spreadsheet and coming up with as many cookie testing scenarios as you can that apply to your web application.
You may also want to check the cookie policies that apply in the EU and under the US FTC, as they will give you enough information about what needs to be tested. The compliance information for cookies can be used in various ways, like setting up your privacy policies and denying advertisers’ manipulation.
I hope this article on Cookie Testing helped. If you have any suggestions for improving this article, feel free to leave them in the comment section.