A cookie is a text file that is saved on the hard disk of the user’s system. Browsers use the cookies that have been saved in the designated location. Informative data is recorded in the cookie and can be retrieved by web pages. In other words, a “cookie” is a small piece of information that a web server sends to a web browser to store, so that it can later be read back from that browser.
For a tester, testing cookies is essential, since many web applications handle informative content and payment transactions. Below are the steps that should be considered during testing:
- Check if the application is writing cookies properly or not.
- Test to make sure that no personal or sensitive data is stored in the cookie. If such data is stored in cookies, it should be in encrypted format.
- Close all browser windows and manually delete all cookies. Navigate through various web pages and check whether they show unexpected behavior.
- Edit a few cookies manually in Notepad or some other editor. Make modifications such as altering the cookie content, changing the name of the cookie, or changing the expiry date. Now test the site functionality. The application should not be able to read the data inside a corrupted cookie.
- Cookies written by one website should not be accessible by another website.
- If you are testing an online shopping portal, check that reaching the final order summary page properly deletes the cookie of the previous shopping cart page, and that no invalid action or purchase gets executed for the same logged-in user.
- Check that the application under test writes cookies properly on different browsers as intended and that the site works properly using these cookies. This test can be done on browsers such as different versions of Internet Explorer, Mozilla Firefox, Netscape, Opera, etc.
- If the application under test uses cookies to maintain the login state for users, check whether some ID is displayed in the address bar. Now change the ID and press Enter. The application should display an access denied message, and you should not be able to see another user’s account.
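
The check for personal or sensitive data in cookies can be partly automated. The sketch below is an added example, not part of the original article; the function names, the two detection patterns and the sample headers are assumptions made for illustration. It also looks inside URL-encoded and base64-encoded values, because encoding is not encryption.

```python
import base64
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

# Illustrative patterns (assumptions): e-mail addresses and 13-19 digit card numbers.
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def decodings(value):
    """Return the raw value plus its URL-decoded and base64-decoded views."""
    seen = {value, unquote(value)}
    for v in list(seen):
        try:  # binascii.Error and UnicodeDecodeError are both ValueError
            seen.add(base64.b64decode(v + "=" * (-len(v) % 4), validate=True).decode("utf-8"))
        except ValueError:
            pass
    return seen

def findings(set_cookie_header):
    """Return sorted (cookie_name, kind) pairs for readable sensitive data."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    out = set()
    for name, morsel in jar.items():
        for text in decodings(morsel.value):
            if EMAIL.search(text):
                out.add((name, "email"))
            if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
                out.add((name, "card-number"))
    return sorted(out)

# Constructed sample Set-Cookie values, not captured from any real site.
SAMPLES = [
    "user=alice%40example.com; Path=/",
    "prefs=" + base64.b64encode(b'{"card":"4111 1111 1111 1111"}').decode() + "; Path=/",
    "sid=9f2c4e1ab7d04c55a1e3; Path=/; HttpOnly",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(header.split("=", 1)[0], findings(header))
```

An empty result only means that these two patterns found nothing readable; it does not prove that the value is encrypted.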