When we visit a website for the first time, some sites will block part of our view with a pop up saying that cookies will be collected during that session. We are obliged to either tick a box or press close, which notifies the system that we have taken this information on board. But what exactly are cookies, and what is their purpose?

What are Cookies, and why?

Cookies hold limited amounts of data collected about us by each site we visit. The information is then stored in a text file within the hard drive of the device that we used during the session.  This data is then accessed by the browser when it requests information from the server, such as user ids or preferences that we have previously established.

Cookie testing

Cookies are most commonly used to store a visitor’s user id or remember me code for some websites, which makes access quicker and more convenient for the user on their next visit. They are often used by shopping websites too, especially those using shopping carts.  Marketing websites utilise them for personalizing advertisements according to the user’s interests that have been previously tracked and recorded within the cookie. They are also used by other sites that have an interest in tracking user visits.

What information is stored in Cookies?

Cookies mostly contain:

  • The name of the server from where the cookie info was sent
  • The cookie’s expiry date
  • The cookie’s unique identifier simply called a cookie ID

Are all Cookies the same?

All cookies store small pieces of data but their purposes and uses are not all the same. There are three categories of cookies; session cookies, persistent cookies and third-party cookies. Session cookies are automatically deleted from the user’s computer as soon as he or she closes the browser, while persistent cookies will have an expiration date attached, so will remain in the user’s computer until expiry or until the user actively deletes their cookie cache. The last class of cookies are installed by a third party for reasons of research, not being implemented through a user’s direct activity.

Is it important to test Cookies?

As cookies can play an important part in how smoothly a website functions, it’s pretty important that you test how they are written and stored in your hard drive by the the websites you visit. The issue of security is important too because of the significant information stored locally within each cookie.

How to Test Cookies

Below are a series of test case suggestions that can be considered when testing cookies.

Disable your Cookies

Cookies can be disabled from the browser settings. After disabling the cookies, you will need to test various functionalities and pages in the website and monitor the general functioning because it may behave unexpectedly while the cookies are disabled, even though websites should be able to proactively recover from any potential failures and behave normally. Some websites offer information to the user via help messages whenever cookies are disabled, so effective testing will ensure that these scenarios can be handled upfront.

Test by Cookies by editing them

Another scenario to test the app after editing the cookie information. This is relevant when the cookies are used for storing user information such as users ids. You can go into the cookie file and edit the current id with another valid/invalid number. Following that edit, the website should not be logging you in, and should show proper “access denied” messages.

Test Cookies by removing them

Here, you need to physically delete the cookie and retest how the website behaves in this case. Once they have been removed from the computer, the website should still behave normally and give sufficient information to the user, rather than failing abruptly.

Corrupt your Cookies

This is an important test case in cookie testing. Hackers will use the cookies to get unauthorized information about you and your web application. They mainly do it by corrupting and overwriting cookie information with the aim of giving the hacker unauthorized access to your site. This test is essential for banking and financial websites, where security is of utmost importance. You need to corrupt your cookies, then monitor the behavior of the web app.

Test Cookies for Cross-Browser Compatibility

Web pages should be able to write cookies properly on all supported browsers. Cookie information may not be properly stored while using some websites on some browsers. So cross-browser compatibility of cookies should also be tested and verified.

Test for Cookie Encryption

We have said that usernames, user ID’s and other sensitive information could be stored in cookie files for some websites. To ensure security, this information should be encrypted before it is sent to the local computer.

Test the behavior of Cookies across different websites and Browsers

A cookie written by a website on a particular browser should not be able to be used by another browser or another website. This scenario needs to be appropriately tested.

Test the behavior of Cookies when accepting and rejecting them

By setting cookie options on the browser to promptly accept/reject cookies, you can test each scenario on the go while the cookies are generated and monitor the behaviour of the application.

Where can I find these Cookies?

There’s no set place for where cookie text files are kept, as paths vary according to which browser you use. To discover their location, take a look at the browser cookie settings on your own machine.

Some Issues to be Aware of when Employing Cookies

From what we have discussed so far, we can see that the following problems can occur if you use cookies on your website:

  • Usability: If a user has a personal preference against cookies or is unsure of the cookie policy on the browser, using what would be considered too many cookies can discourage them from visiting your site.
  • Security: Storing users’ sensitive information within cookies may endanger or compromise security.
  • Functionality: Malfunctions may occur in a site that overuses cookies, if the user has opted for a strict cookie policy or is unsure of the cookie policy on the browser.

Common Cookie testing Plugins

  • Cookie Manager – This is a cookie editor for Firefox and will be available as a Firefox Add-on
  • EditThisCookie – This is a widely used cookie editor that works with Google Chrome, and can be installed as a Chrome extension