Understanding Cookies
First, we’ll look at HTTP cookies (Internet cookies) to understand their purpose and how they work.
Writing test conditions for website cookies becomes simpler once you understand how cookies operate, how they are stored on the hard drive, and how cookie settings can be changed.
What Exactly is an HTTP or Internet Cookie?
An Internet cookie is essentially a small piece of data kept in a text file on the user’s hard drive by a web server. It is later used by the web browser to retrieve information from that machine.
More often than not, the cookie contains individualized user information or data that facilitates communication between distinct web pages.
What is the Purpose of Web Cookies?
Cookies fundamentally serve to identify the user and to keep track of the user’s navigation on the website. The communication between the web browser and the server is stateless.
Here’s an Example:
If you are visiting the domain “http://www.example.com/1.html”, then the browser sends a simple request to the example.com web server for the webpage 1.html.
Upon entering “http://www.example.com/2.html” the next time, a new request gets dispatched to the example.com server to load 2.html webpage and the server has no recollection about the previous webpage 1.html served to the user.
If you wish to maintain a record of the user’s past interactions with the server, you have to track the user’s state and the communication between the browser and the server. This is where the cookie comes into play, helping sustain user interactions with the server.
How do Cookies Work?
The HTTP protocol, which exchanges data files on the internet, is used to manage cookies.
There are primarily two types of protocols, Stateless HTTP and Stateful HTTP protocol. The former does not maintain any previous web page history, while the latter keeps track of previous interactions between the browser and the server, facilitating the cookie operation in maintaining a user’s interactions.
Every time a user visits a site or server that uses cookies, a small piece of code within the HTML page (usually a call to a scripting language such as JavaScript, PHP or Perl) writes a text file, or cookie, onto the user’s machine.
Here’s an illustration of a code that is used to write a Cookie and can be placed on any HTML page:
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME;
On revisiting the said page or domain at another time, this cookie is read from the disk and is used to recognize the second visit from the same user to that domain. The expiration time is decided during the writing of the cookie and depends on the application utilizing the cookie.
Generally, Two Varieties of Cookies are Written on the User’s Machine
#1) Session Cookies: The cookie remains active as long as the browser that called the cookie is open. It gets deleted once the browser is closed. Sometimes, a session with a specified time limit, say 20 minutes, is set to expire the cookie.
#2) Persistent Cookies: These are our everyday cookies that are written permanently on the user’s machine, and usually last for months or even years.
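The header format and the two cookie varieties described above can be checked mechanically. The following is an added example, not code from the original article: it parses Set-Cookie header values and classifies each cookie as session, persistent or already expired. The function names, sample headers and fixed clock are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie header value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def classify(cookie, now):
    """Return (kind, lifetime) where kind is 'session', 'persistent' or 'expired'."""
    attrs = cookie["attrs"]
    if "max-age" in attrs:  # Max-Age wins over Expires when both are present
        lifetime = timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        lifetime = parsedate_to_datetime(attrs["expires"]) - now
    else:
        return ("session", None)  # no expiry: dropped when the browser closes
    return ("persistent" if lifetime > timedelta(0) else "expired", lifetime)

def report(headers, now):
    """Summarise each header as (name, kind, domain, path) for a test log."""
    rows = []
    for header in headers:
        cookie = parse_set_cookie(header)
        kind, _ = classify(cookie, now)
        attrs = cookie["attrs"]
        rows.append((cookie["name"], kind, attrs.get("domain", ""), attrs.get("path", "")))
    return rows

# Constructed sample headers (values are made up for this example).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; path=/",
    "RMID=constructed-value; expires=Thu, 31 Dec 2020 23:59:59 GMT; path=/; domain=.rediff.com",
    "OLD=1; expires=Wed, 01 Jan 2020 00:00:00 GMT; path=/",
]
NOW = datetime(2020, 12, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable

if __name__ == "__main__":
    for row in report(SAMPLE_HEADERS, NOW):
        print(row)
```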
Where are the Cookies Located?
When any web portal application writes a cookie, it gets stored in a text file on the user’s hard drive. The path where the cookies are stored is dependent upon the browser. Different browsers will store cookies in various locations.
The Below-Mentioned Paths are Examples of where Cookies are Stored:
Internet Explorer: “C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies”.
Windows 7: “C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low”.
Windows 8 and Windows 10: “C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies”.
In the above paths, “username” is replaced by the user you are currently logged in as, such as “Administrator” or “Vijay”. The cookie path is easily found by navigating through the browser settings.
In the Mozilla Firefox browser, cookies can even be viewed in the browser settings itself. Open the Mozilla browser, press the “Open menu” button -> “Web Developer” -> “Storage Inspector” or by pressing the combination “Shift + F9”.
In the Google Chrome browser, cookies can be found by typing “chrome://settings/content/cookies” in the address bar. Cookies can also be accessed using the browser console: Press F12 –> application –> storage –> cookies.
How are Cookies Kept?
An example would be a cookie written by rediff.com on the Mozilla Firefox browser. Upon opening the rediff.com page or logging into your Rediffmail account on the Mozilla Firefox browser, a cookie is written on your Hard disk.
To view this cookie, simply click on the “Show cookies” button mentioned in the path above. Click on the Rediff.com site under this cookie list.
Different Cookies are Written in the Rediff Domain with Distinct Names:
Site: Rediff.com Cookie name: RMID
Name: RMID (Name of the cookie)
Content: 1d11c8ec44bf49e0… (Encrypted content)
Domain: .rediff.com
Path: / (Any path after the domain name)
Send For: Any form of connection
Expires: Thursday, December 31, 2020, 11:59:59 PM
Scenarios Where Cookies can be Used:
#1) Implementing The Shopping Cart: Cookies help sustain an online ordering system. They remember user choices of which products they wish to buy. For example, a user may add some items to their shopping cart, but then decide not to make a purchase at the time and close the browser window.
In the above instance, when the same user revisits the purchase page, they can see all the products they previously added to their shopping cart.
#2) Personalized Sites: When a user visits a particular page, they are asked which pages they do not wish to see or display. The user’s choice is saved in a cookie, and for as long as the user is online, these unwanted pages are hidden.
#3) User Tracking: To keep a count of unique visitors online at a specific time.
#4) Marketing: Some businesses use cookies to display advertisements on user devices. Cookies control these ads- determining when and what advertisement should be run, what a user’s interests are, and what keywords they look for on the site. All these aspects can be controlled via cookies.
#5) User Sessions: Cookies can monitor user sessions on a specific domain using a user ID and password.
Shortcomings of Cookies
#1) While cookies are a great method to maintain user interaction, if a user sets their browser settings to warn ahead of writing each cookie or disables writing cookies completely, the site containing cookies would not be entirely functional and would thus, perform no action, likely leading to a drop in web traffic. This can be altered in your browser settings.
For example, in Google Chrome, navigate to Settings -> Advanced -> Content Settings -> Cookies. Here you can apply a global rule for cookie preferences, or set cookie permissions for individual websites.
In addition to browser preferences, certain changes to EU and US legislation force developers to alert users that Cookies are used on their website. Being compliant with these new laws ought to be a part of the test conditions for some areas.
#2) Excessive Use of Cookies: Writing too many cookies on each webpage navigation can be bothersome for users if the browser prompts the user for cookie activation too often. This could eventually drive users away from your site.
#3) Security Concerns: At times, a user’s private information is kept in Cookies. If a cookie is hacked, hackers could gain access to sensitive personal data. Even corrupted cookies could be read by different domains, thus creating security concerns.
#4) Sensitive Data: Some websites can log and store user sensitive data in Cookies. This is generally not allowed due to privacy concerns.
Test Cases for Testing Cookies in a Web Application
The first straight-forward test case is examining if the application is correctly writing Cookies on the disk. You can also use Cookie Tester tools if you do not have a web application to test. But it is necessary to understand the Cookie concept for such testing.
Some Major Test Cases for Testing Cookies in a Web Application
#1) As part of the Cookie privacy policy, ensure from your design documents that no personal or sensitive data is stored in the Cookie.
#2) If saving sensitive data in a Cookie is unavoidable, then ensure that the data written in a cookie is encrypted.
#3) Confirm that there isn’t overuse of cookies on your site under review. Overuse of cookies can annoy users if the browser prompts for cookies too often, resulting in a loss of site traffic and thus, business.
#4) Disable the Cookies from your browser settings. If cookies are being utilized in your site, major functionalities of your site would not operate if Cookies are disabled. Following this, try accessing the website under review.
Navigate through the website to see if the right message is being displayed to the user, something along the lines of “For this website to function smoothly, ensure Cookies are enabled in your browser”.
No webpage should crash because of the disabling of Cookies. Ensure that you close all browsers and delete all previously written cookies before running this test.
#5) Accept/Reject Some Cookies: One effective way to test the functionality of the website is by not accepting all Cookies. Suppose you are writing 10 cookies on your web application, then accept some cookies (say 5) and reject the rest (say 5 Cookies).
To implement the above test case, you can adjust the browser options to prompt each time a cookie is being written. In this prompt window, you can either accept or reject the cookie. Attempt to access the key functionality of the webpage and see if the pages are crashing or data is getting corrupted.
#6) Delete the Cookies: Allow the site to write cookies, then close all browsers and manually delete all cookies for the website that you’re reviewing. Afterward, access the web pages and examine the behavior of the pages.
#7) Corrupt the Cookies: Corrupting a cookie is easy. All you need to do is open the cookie in notepad and change the parameters to obscure values, like changing the content of the cookie, the cookie’s name, or the expiry date of the cookie. Then examine how the site functions.
In some scenarios, corrupted cookies allow the data within them to be accessed by a separate domain. This should not happen with your website cookies. It is important that if cookies are written by one domain, say rediff.com, they cannot be accessed by another domain, say yahoo.com, unless the cookies are corrupted and someone attempts to hack the cookie data.
#8) Checking if Cookies are Deleted from Your Web App Page: Sometimes, cookies written by a domain, say rediff.com, may be deleted by another page under the same domain. This is common if you’re testing ‘action tracking’ web portals.
An action tracking or purchase tracking pixel is placed on the action web page, and when an action or purchase is carried out by a user, the Cookie written on disk is deleted to prevent multiple action logging from the same Cookie. Check if reaching your action or purchase page deletes the Cookie correctly and no additional invalid purchases or actions get recorded by the same user.
#9) Cookie Testing Across Multiple Browsers: This is an important test to see if your web application is correctly writing cookies across different browsers as intended, and if the site operates properly using these cookies. You could test your web application across widely used browsers, such as Google Chrome, Internet Explorer, Mozilla Firefox, Netscape, Opera, and so on.
#10) If your web application is using cookies to manage the log-in status of any user, then log in to your web application with a username and password.
In many cases, you can see the logged-in user ID parameter directly in the browser address bar. Change this parameter to a different value, say the previous user ID was 100 then make it 101 and hit the enter key. Appropriate entry messages must be displayed to the user, and the user should not be able to view another user’s account info.
#11) Verify whether cookies are persistent or not (according to your requirements) by examining the cookie edition and expiration date located in the Cookie file or the browser console.
#12) Check if the expiration date is assigned according to the requirements. In some cases, it is crucial to check if the Cookie expiration date is updated while operating the application (for session refreshing, for example). This can be tested in the browser console or in the cookie file itself.
Please note that decoding a cookie manually isn’t the most straightforward method, and it’s easier to rely on browser data. But if necessary, this thread provides some insight on the Cookie file structure.
#13) If some cookies are user-specific, it is crucial to ensure they are removed or merely overlooked if a different user logs into the application unless it is stated otherwise in the specification.
#14) Particular tests for multi-environment sites: Check if the same cookies are acceptable across all environments. Problems can be caused by the usage of wild cards in the cookie path (so-called supercookies). If it is a necessity to permit it, problems can be caused because a distinct encryption key is used (e.g., for .NET, it’s a machine key that is usually unique unless specified otherwise).
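For test case #7 (corrupt the cookies), one server-side design that makes the expected behaviour testable is to sign each cookie value so that any edit is detected and the cookie is treated as absent. The following is an added example, not code from the original article; the key, function names and sample values are assumptions. An HMAC protects integrity only and does not encrypt the value, so it does not replace test case #2.

```python
import hashlib
import hmac

# Assumption: a server-side secret; this constant is constructed for the demo.
SECRET_KEY = b"constructed-demo-key"

def sign_cookie(value, key=SECRET_KEY):
    """Return 'value.tag', where tag is an HMAC-SHA256 over the value."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def read_cookie(raw, key=SECRET_KEY):
    """Return the original value, or None if the cookie is missing or was modified."""
    if not raw or "." not in raw:
        return None
    value, _, tag = raw.rpartition(".")
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; encoding first also copes with non-ASCII junk.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return value

def run_corruption_cases():
    """Apply the edits a tester would make by hand and record what the server reads."""
    good = sign_cookie("100")  # constructed user ID
    flipped = "0" if good[-1] != "0" else "1"
    cases = {
        "untouched": good,
        "value edited": "101" + good[3:],
        "tag edited": good[:-1] + flipped,
        "truncated": good[: len(good) // 2],
        "deleted": "",
        # Same value signed with another environment's key (compare test case #14).
        "different key": sign_cookie("100", b"other-environment-key"),
    }
    return {label: read_cookie(raw) for label, raw in cases.items()}

if __name__ == "__main__":
    for label, result in run_corruption_cases().items():
        print(f"{label:14} -> {result!r}")
```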
These are some of the most important test cases to consider while inspecting web cookies. You can generate many test cases from these cases by doing several combinations. If you have