What are different test cases for testing web application cookies?

To carry out any testing, you need to create effective test cases. Then only you will be able to fetch more appropriate outcomes from the testing. To develop effective test cases for web site cookie testing, you need to understand how the cookies are stored and managed.

Whenever you use a web site a cookie will get written on to your hard disk. Normally cookies are stored in the following format:

Site: abc.com RMID (name of the cookie)
Name: RMID
Content: 1d14c8ec45bf79e0… (Written in Encrypted format)
Domain: .abc.com
Path: / (the path after the name of the domain)
Send For: the type of the connection
Expires: Tuesday, December 31, 2015 10:25:25 PM date of expiry as set by the developer)

The cookies are used for the following applications:

1.Implementation of the shopping cart:
Cookies are used to implement online product or service ordering system. Cookies are a way to remember what the user wants to purchase. Suppose, if at the instant of time the customer adds some products to his carts and closes the browser window, then the cookie remembers what he/ she wants to buy and the customer can see ll those products.

2. Personalized web sites:
When we are browsing and visit certain pages. We are asked whether or not to display this page. The user instruction is stored in the cookie and those pages are displayed or not displayed as per the wish of the user.

3. Marketing:
Cookies are extensively used to advertise on the web sites. These advertisements are controlled by the cookie itself.

4. User tracking:
Cookies are used to track the number of visitors of a web site.

5. User sessions:
User sessions can be tracked using the cookie using the contained user ID and the password.

Apart from the benefits, the cookies have some drawbacks also. These are:
- Some times disabling the cookies can lead to disabling of the site itself.

- If too many cookies are being written on each and every page navigation, and if the cookies are enabled, this can lead to user frustration can result in the loss of traffic.

- Cookies are concerned with security also.

- Some cookies contain user’s personal information and if they are hacked, then the hacker gets access to the user’s personal information.

- Some sites store your sensitive information cookies. This is not advisable since it can lead to serious privacy concerns.

Test Cases for testing Web Application Cookies

- First test case should test whether the application is writing the cookies on the disk properly or not?

- The privacy policy of the cookie makes sure that your personal information is not written in to the cookie. It also makes sure that no sensitive data is leaked.

- Even if some sensitive data is stored in the cookies, it is made sure that the data is stored in the encrypted format.

- Overuse of cookies can annoy the users if the browser prompts for cookies frequently. This can cause loss of traffic of the web site.

- Disabling of cookies can cause some functionalities of the web site to become disabled or the site may not function properly. But always ensure that there is no page crash during the testing. Delete all the previous cookies.

- Acceptation and rejection of some cookies: this is probably the best way to check the functionality of site. All you have to do is accept only some of cookies and reject the others. For executing this case, you can set your browser settings so as to prompt you whenever a cookie is being written so that you can accept or reject that cookie. Observe the behavior of site.

- Corruption of cookies by editing their content.

- Testing of cookie on multiple browsers.

What are different aspects of web site cookie testing?

In the last post, we already discussed what a cookie is and how and when they are used. So let us explore a little more about these cookies. Here we are going to discuss how the websites that use cookies are tested.

Disabling the cookie

Disabling the cookie feature is perhaps the easiest concept under website cookie testing. Disabling the cookies is the first step in web site cookie testing.

- How the turning off or disabling of the cookies does affects a web site? You can check out by yourself.

- Clean up all the cookies and close all the open browser windows of the site that is to be tested.

- When you close the browser windows, the session cookies are automatically deleted.

- Keep the cookie folder open while you are browsing the site.

- You have to close the browser in order to delete all the cookies.

- You will notice that as you close the browser, the session cookies are automatically deleted.

- Now you disable the cookies and try using the features of the website.

- You will observe that most of the features do not work since the cookies have been disabled.

- So we can conclude that the disabling the cookies, disables the functionality of the web site.

To use the website, the cookies must be enabled.
- The question here worth asking is that whether or not the server of that website is able to recognize its failure while attempting to set the cookies?

- And if it is recognizing also, does it send a notification or a message to user stating that the cookies must be enable in order for that web site to work?

- If this is not the case then the user will keep on trying to use the web site and will get frustrated without knowing that why the web site is not responding.

Amazon.com is one of the websites that work well even without the cookies. In such kind of web sites, the maintenance of the state if taken care of by the server side on the basis of the session ID stated at the end of the URL of the home page.

The URL of the home page of the web site was:
www.amazon.com/…/home.html/104-0233809-0567844

- The rightmost digit was changed from 4 to 5 and reposted in the URL.

- Amazon discards the edited URL and effectively recovers from the URL corruption by creating a URL with the help of a new session ID:
www.amazon.com/…/home.html/107-0357660-1139507

- From the above observation we conclude that the above hypothesis is correct.

To understand the test cases you need to understand how the cookies work and how they are stored and how the cookie settings can be edited? Here we are going to list some test cases for web site cookie testing:


- In concern to your privacy, the cookie privacy policy takes care that your personal data is not stored or used by the cookie.

- If no, then the cookie will save your sensitive data in an encrypted format.

- Always make sure that there is no over usage of cookies on the web site under test.This can annoy the users since the browser will prompt for cookies more often and this can cause a decline in the site traffic.

- If the site under test makes use of cookies, then it will not function properly on the disabling of cookies. Try to navigate through the website and use the features. But, make sure that the web site does not crash.

- Corruption of cookies
Change the values of the cookies to some vague values by editing them in note pad. You may later the contents of the cookie or change the parameters and observer the behavior of the website.