In technology driven world, companies create profiles and other respective details in web applications, accessed through web browsers be it Firefox, Chrome, Internet Explorer, Safari, Netscape Navigator etc. The Web applications are based in different domains and respective utility for users.
The web applications are tested through cookies. The tester needs to understand the complexity of the cookies and how they can be used in web application testing. Cookie is small data stored in text file on user’s hard drive by the web server. This information can be later used by web browser to retrieve personalized user data or information required to communicate between different web pages.
Cookies are of mainly two types: Session & Persistent. Session cookies are active till the browser that triggered the cookie is open. When we close the browser, this session cookie gets deleted. Persistent Cookies are written permanently on the user machine and lasts for months or years.
Cookies path refers to location wherein they get stored depending on the browser, as different browsers store cookies in different paths. For example: Internet Explorer stores cookies on path ‘C:\Documents and Settings\Default User\Cookies’ whereas in Mozilla Firefox, cookies are one preference in browser options itself.
Instances where cookies can be used:

• The Online shopping applications asks user’s choice about the pages/functions which they wish/or not to visit or view. User preference options are stored in cookies.
• The personalized sites which allow users to select pages which they don’t want to visit or view.
• User tracking apps to track number of unique visitors online at particular time.
• Some companies use cookies to display advertisements on user machines.
• Cookies can track user sessions to particular domain using user ID and password.

What and how to test cookies?

• Privacy Policy: Cookie privacy policy defines which information whether personal or sensitive; is required to be stored in the cookie. Cookies privacy policy is based on business nature.
• Encrypted Sensitive Data: If business activities require saving information in cookie, make sure sensitive data is stored in encrypted format.
• No Overuse: Overuse of cookies may annoy users if web browser is prompting for cookies more often and this could result in website traffic loss and finally business loss. Make sure that the applications do not overuse cookies on website under test.
• Disable the cookies from your browser settings: If web application’s major functionality gets affected by disabling the cookies, make sure that an appropriate message is displayed to user like ‘For smooth functioning of this website, please make sure that cookies are enabled on your browser’. Also try to access the web site under test to ensure that there is no page crash due to disabling the cookies.
• Accepts/Reject some cookies: While testing web application functionalities, do not accept all cookies and set browser options to prompt whenever cookie is being written to disk. On this prompt window, user can either accept or reject cookie. Try to access major functionality of web site and make sure that pages are not getting crashed or data is not getting corrupted.
• Corrupt the cookies: Corrupting cookie is easy to hack if user knows where cookies are stored. Manually edit and make changes in the cookies. Cookies written by one domain cannot be accessed by other domains except when cookies are corrupted.
• Delete cookies: Browse web applications to save cookies on your system/browser. Close web browser and manually delete all cookies for respective website under test. Again open web application and try to access the web page and check the behaviour of the pages.
• Testing cookies on multiple browsers: Make sure that web application pages have cookies script running on different browsers as intended and website works using these cookies. Most popular browsers are Internet explorer (all versions), Mozilla Firefox, Netscape, Opera etc.
• Cookies used to store the login details: Secured web applications have login functions of specific username and password. Websites should display proper access message to user and one user should not be able to see other users’ details.

Modern browsers allow view/edit function of the cookies in the browser itself. There are plugins available for web browsers to test cookies. For example, ‘Mozilla Advance Cookie Manager’ may be used in Mozilla Firefox and for Google Chrome, ‘Edit This Cookie’ plugin can be used.
Cookies play a significant role in maintaining user data in web applications. The security is a critical aspect for application mainly in banking & financial domain web applications, cookies help in tracking the fraudulent incidents. The Testing team must perform the cookies testing & application performance under different cookies scenario to make their application robust & bug free.In technology driven world, companies create profiles and other respective details in web applications, accessed through web browsers be it Firefox, Chrome, Internet Explorer, Safari, Netscape Navigator etc. The Web applications are based in different domains and respective utility for users.
The web applications are tested through cookies. The tester needs to understand the complexity of the cookies and how they can be used in web application testing. Cookie is small data stored in text file on user’s hard drive by the web server. This information can be later used by web browser to retrieve personalized user data or information required to communicate between different web pages.
Cookies are of mainly two types: Session & Persistent. Session cookies are active till the browser that triggered the cookie is open. When we close the browser, this session cookie gets deleted. Persistent Cookies are written permanently on the user machine and lasts for months or years.
Cookies path refers to location wherein they get stored depending on the browser, as different browsers store cookies in different paths. For example: Internet Explorer stores cookies on path ‘C:\Documents and Settings\Default User\Cookies’ whereas in Mozilla Firefox, cookies are one preference in browser options itself.
Instances where cookies can be used:

• The Online shopping applications asks user’s choice about the pages/functions which they wish/or not to visit or view. User preference options are stored in cookies.
• The personalized sites which allow users to select pages which they don’t want to visit or view.
• User tracking apps to track number of unique visitors online at particular time.
• Some companies use cookies to display advertisements on user machines.
• Cookies can track user sessions to particular domain using user ID and password.

What and how to test cookies?

• Privacy Policy: Cookie privacy policy defines which information whether personal or sensitive; is required to be stored in the cookie. Cookies privacy policy is based on business nature.
• Encrypted Sensitive Data: If business activities require saving information in cookie, make sure sensitive data is stored in encrypted format.
• No Overuse: Overuse of cookies may annoy users if web browser is prompting for cookies more often and this could result in website traffic loss and finally business loss. Make sure that the applications do not overuse cookies on website under test.
• Disable the cookies from your browser settings: If web application’s major functionality gets affected by disabling the cookies, make sure that an appropriate message is displayed to user like ‘For smooth functioning of this website, please make sure that cookies are enabled on your browser’. Also try to access the web site under test to ensure that there is no page crash due to disabling the cookies.
• Accepts/Reject some cookies: While testing web application functionalities, do not accept all cookies and set browser options to prompt whenever cookie is being written to disk. On this prompt window, user can either accept or reject cookie. Try to access major functionality of web site and make sure that pages are not getting crashed or data is not getting corrupted.
• Corrupt the cookies: Corrupting cookie is easy to hack if user knows where cookies are stored. Manually edit and make changes in the cookies. Cookies written by one domain cannot be accessed by other domains except when cookies are corrupted.
• Delete cookies: Browse web applications to save cookies on your system/browser. Close web browser and manually delete all cookies for respective website under test. Again open web application and try to access the web page and check the behaviour of the pages.
• Testing cookies on multiple browsers: Make sure that web application pages have cookies script running on different browsers as intended and website works using these cookies. Most popular browsers are Internet explorer (all versions), Mozilla Firefox, Netscape, Opera etc.
• Cookies used to store the login details: Secured web applications have login functions of specific username and password. Websites should display proper access message to user and one user should not be able to see other users’ details.

Modern browsers allow view/edit function of the cookies in the browser itself. There are plugins available for web browsers to test cookies. For example, ‘Mozilla Advance Cookie Manager’ may be used in Mozilla Firefox and for Google Chrome, ‘Edit This Cookie’ plugin can be used.
Cookies play a significant role in maintaining user data in web applications. The security is a critical aspect for application mainly in banking & financial domain web applications, cookies help in tracking the fraudulent incidents. The Testing team must perform the cookies testing & application performance under different cookies scenario to make their application robust & bug free.[:]