
Monday, January 23, 2012

What are different test cases for testing web application cookies?

To carry out any testing, you need to create effective test cases. Only then will the testing produce useful results. To develop effective test cases for web site cookie testing, you need to understand how cookies are stored and managed.

Whenever you use a web site a cookie will get written on to your hard disk. Normally cookies are stored in the following format:

Site: abc.com RMID (name of the cookie)
Name: RMID
Content: 1d14c8ec45bf79e0… (Written in Encrypted format)
Domain: .abc.com
Path: / (the path after the name of the domain)
Send For: the type of the connection
Expires: Tuesday, December 31, 2015 10:25:25 PM (date of expiry as set by the developer)

The cookies are used for the following applications:

1.Implementation of the shopping cart:
Cookies are used to implement online product or service ordering systems. Cookies are a way to remember what the user wants to purchase. Suppose the customer adds some products to the cart and then closes the browser window: the cookie remembers what he or she wants to buy, and the customer can see all those products again.

2. Personalized web sites:
When we browse and visit certain pages, we are asked whether or not to display the page. The user's instruction is stored in the cookie, and those pages are displayed or not displayed according to the user's wish.

3. Marketing:
Cookies are extensively used to advertise on the web sites. These advertisements are controlled by the cookie itself.

4. User tracking:
Cookies are used to track the number of visitors of a web site.

5. User sessions:
User sessions can be tracked with a cookie, using the user ID and the password it contains.

Apart from the benefits, the cookies have some drawbacks also. These are:
- Sometimes disabling the cookies can lead to disabling of the site itself.

- If cookies are enabled and too many of them are written on every page navigation, this can lead to user frustration and result in the loss of traffic.

- Cookies also raise security concerns.

- Some cookies contain the user’s personal information, and if they are hacked, the hacker gets access to that personal information.

- Some sites store your sensitive information in cookies. This is not advisable since it can lead to serious privacy concerns.

Test Cases for testing Web Application Cookies

- The first test case should check whether the application writes the cookies to the disk properly.

- The privacy policy of the cookie makes sure that your personal information is not written in to the cookie. It also makes sure that no sensitive data is leaked.

- Even if some sensitive data is stored in the cookies, it is made sure that the data is stored in the encrypted format.

- Overuse of cookies can annoy the users if the browser prompts for cookies frequently. This can cause loss of traffic of the web site.

- Disabling of cookies can cause some functionalities of the web site to become disabled or the site may not function properly. But always ensure that there is no page crash during the testing. Delete all the previous cookies.

- Acceptance and rejection of some cookies: this is probably the best way to check the functionality of the site. All you have to do is accept only some of the cookies and reject the others. To execute this case, set your browser to prompt you whenever a cookie is being written so that you can accept or reject that cookie. Observe the behavior of the site.

- Corruption of cookies by editing their content.

- Testing of cookie on multiple browsers.


Tuesday, January 17, 2012

What are different aspects of web site cookie testing?

In the last post, we already discussed what a cookie is and how and when they are used. So let us explore a little more about these cookies. Here we are going to discuss how the websites that use cookies are tested.

Disabling the cookie



Disabling the cookie feature is perhaps the easiest concept under website cookie testing. Disabling the cookies is the first step in web site cookie testing.

- How does turning off or disabling the cookies affect a web site? You can check this yourself.

- Clean up all the cookies and close all the open browser windows of the site that is to be tested.

- When you close the browser windows, the session cookies are automatically deleted.

- Keep the cookie folder open while you are browsing the site.

- You have to close the browser in order to delete all the cookies.

- You will notice that as you close the browser, the session cookies are automatically deleted.

- Now you disable the cookies and try using the features of the website.

- You will observe that most of the features do not work since the cookies have been disabled.

- So we can conclude that disabling the cookies disables the functionality of the web site.

To use the website, the cookies must be enabled.
- The question worth asking here is whether the server of that website is able to recognize its failure when it attempts to set the cookies.

- And if it does recognize the failure, does it send a notification or a message to the user stating that cookies must be enabled for the web site to work?

- If not, the user will keep trying to use the web site and will get frustrated without knowing why the web site is not responding.

Amazon.com is one of the websites that work well even without cookies. In such web sites, the state is maintained on the server side on the basis of the session ID stated at the end of the URL of the home page.

The URL of the home page of the web site was:
www.amazon.com/…/home.html/104-0233809-0567844

- The rightmost digit was changed from 4 to 5 and reposted in the URL.

- Amazon discards the edited URL and effectively recovers from the URL corruption by creating a URL with the help of a new session ID:
www.amazon.com/…/home.html/107-0357660-1139507

- From the above observation we conclude that the above hypothesis is correct.

To understand the test cases, you need to understand how cookies work, how they are stored, and how the cookie settings can be edited. Here we are going to list some test cases for web site cookie testing:


- In concern to your privacy, the cookie privacy policy takes care that your personal data is not stored or used by the cookie.

- If not, then the cookie will save your sensitive data in an encrypted format.

- Always make sure that there is no overuse of cookies on the web site under test. This can annoy the users since the browser will prompt for cookies more often, and this can cause a decline in the site traffic.

- If the site under test makes use of cookies, then it will not function properly on the disabling of cookies. Try to navigate through the website and use the features. But, make sure that the web site does not crash.

- Corruption of cookies
Change the values of the cookies to some vague values by editing them in Notepad. You may alter the contents of the cookie or change the parameters and observe the behavior of the website.
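The recovery behavior observed with the edited session ID, and the pass condition for the cookie corruption test case, can be sketched on the server side as follows. This is an added example, not code from the original posts and not Amazon's mechanism; the HMAC-signed token format and the names `new_session`, `resolve` and `flip_last_char` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
SESSIONS = {}                         # session id -> server-side state

def _sign(session_id):
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def new_session():
    """Create server-side state and return the token handed to the browser."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = {"cart": []}
    return f"{session_id}.{_sign(session_id)}"

def resolve(token):
    """Return (token, state, recovered).

    A missing, edited or unknown token is discarded and replaced with a
    fresh session; it never raises and never maps to someone else's state.
    """
    session_id, _, mac = (token or "").partition(".")
    valid = session_id in SESSIONS and hmac.compare_digest(
        mac.encode(), _sign(session_id).encode())
    if valid:
        return token, SESSIONS[session_id], False
    fresh = new_session()
    return fresh, SESSIONS[fresh.partition(".")[0]], True

def flip_last_char(token):
    """The tester's edit from the text: change the rightmost character."""
    return token[:-1] + ("5" if token[-1] != "5" else "4")

if __name__ == "__main__":
    original = new_session()
    resolve(original)[1]["cart"].append("book")
    edited = flip_last_char(original)
    token, state, recovered = resolve(edited)
    print("recovered:", recovered, "| new token issued:", token != edited)
    print("state after recovery:", state)
```

The test passes when the edited value yields a fresh, empty session and the original session is untouched.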


Monday, January 16, 2012

What are cookies and its types? Where are cookies used?

A cookie, or HTTP cookie, is a message that an origin website uses to send state information to the user's browser, and that the browser uses to send state information back to the origin site.

An HTTP cookie is known by many names such as web cookie, browser cookie etc.

The state information sent between the origin site and the user’s browser is used for:

- Authentication
- Identification of the session of a user
- Preferences of the user and
- Contents of the shopping cart

In other words, HTTP cookies are used for any purpose that can be accomplished by storing text data on the user's computer.

Characteristics and Uses of Cookie
- The main characteristic of Cookies is that they cannot be programmed and thus, cannot carry any kind of viruses or worms.

- No malware can be installed on the host system with the use of a cookie. So they are safe to this extent.

- However, cookies can be effectively used by a spyware to track the browsing activities of the users.

- This is a major privacy concern and has prompted European and US law makers to take action in the past few years.

- Cookies are very easy to steal and are thus often misused by the hackers.

- Hackers steal the cookies and use them to gain access to the web account of the victim.

- Cookies were first used to solve the problem of implementation of the shopping cart.

- Initially the cookies were developed for the Netscape browser.

- They were used to check if the earlier visitors visited the site again.

- Later cookies were developed for internet explorer and other browsers.

- The concept of the cookies was not widely known to the public at that time.

The term “HTTP cookie” came into existence in the year of 1994. It has been derived from “magic cookie”.

What are Magic Cookies?
- A magic cookie is a data packet that a program receives and sends back to the program on the other side without altering the contents of the packet.

- Magic cookies had long been used in computing systems and were introduced into web communications by Lou Montulli in June 1994.


The development of formal specifications for cookies is always in progress. To date, many types of cookies have been developed. They are discussed below:

Session cookie:
- This cookie has a lifetime equal to the time period of the user using the website.
- These cookies are automatically deleted after the end of a session.

Persistent cookie:
- These cookies last even after the session has expired.
- If a persistent cookie has its maximum age set to one year, then until that year is over, the cookie will send information to the server every time the website is visited.
- These are also called tracking cookies.

Secure cookie:
- These cookies are used by the browser when it is accessing the server through an HTTPS connection.
- This ensures that the cookie is always encrypted during the transmission of the information.
- This prevents cookie theft.

HTTP only cookie:
- This type of cookie is mostly supported by all the modern browsers.
- On a browser which supports HTTP, an HTTP only cookie is used during transmission of HTTP requests.
- It restricts the access from other non HTTP scripts.

Third party cookie:
- The first party cookies are set with the same domain or sub domain in the address bar of the browser.
- But, third party cookies are set with various domains other than the one mentioned in the address bar.

Super cookie:
- A cookie with a public suffix domain like .co.uk, .com etc.

Zombie cookie:
- This cookie is automatically recreated after its deletion.
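The cookie types listed above can be read off the attributes a server sends with each cookie, which also gives a tester a way to check the privacy test case from the earlier posts (no personal information readable in the cookie value). The following is an added example, not code from the original posts; the sample headers are constructed, the e-mail pattern stands in for "personal information", and the function names are assumptions.

```python
import re

# Constructed samples: (host that sent the response, Set-Cookie header value).
SAMPLES = [
    ("www.abc.com", "RMID=1d14c8ec45bf79e0; Domain=.abc.com; Path=/; "
                    "Max-Age=31536000; Secure; HttpOnly"),
    ("www.abc.com", "cart=sku123; Path=/"),
    ("www.abc.com", "user=alice@example.com; Domain=.abc.com; Max-Age=3600"),
    ("ads.example", "trk=9f2c; Domain=.ads.example; Max-Age=31536000; Secure"),
]
EMAIL = re.compile(r"[^@\s;]+@[^@\s;]+\.[a-z]{2,}", re.I)

def parse_set_cookie(header):
    """Split one header into name, value and a dict of lower-cased attributes."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def classify(host, header, address_bar_host):
    """Label one cookie with the types from the list that apply to it."""
    name, value, attrs = parse_set_cookie(header)
    labels = {"persistent" if {"max-age", "expires"} & attrs.keys() else "session"}
    if "secure" in attrs:
        labels.add("secure")
    if "httponly" in attrs:
        labels.add("http-only")
    # No Domain attribute means the cookie belongs to the responding host only.
    domain = (attrs.get("domain") or host).lstrip(".").lower()
    site = address_bar_host.lower()
    if site != domain and not site.endswith("." + domain):
        labels.add("third-party")
    # Test case from the earlier posts: no personal data readable in the value.
    if EMAIL.search(value):
        labels.add("personal-data-in-clear")
    return name, labels

def audit(samples, address_bar_host):
    return dict(classify(host, hdr, address_bar_host) for host, hdr in samples)

if __name__ == "__main__":
    for name, labels in audit(SAMPLES, "www.abc.com").items():
        print(f"{name:5} {sorted(labels)}")
```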

