Cookies

What are cookies?

• cookies are a piece of information that websites place in the browser to:
  • track users
  • store a variety of data such as tokens for authentication, user preferences etc
• Cookies 🍪 in web development

When cookies were introduced?

• Cookies Wikipedia
  • Cookies were first introduced by Netscape in an attempt to store user’s session data.

Set cookies across domains

• StackoOverflow thread with the raw definition and how to set it with javascript
• leading dot is not required as per RFC6265 and MDN
• testing across domains is challenging, is there an alternative to only testing them in each subdomain?
  • The stackoverflow has a discussion regarding the topic, it is worth mentioning to be careful with CORS

Testing cookies

• Website Cookie Testing & Test Cases For Testing Web Application Cookies
  • cookies are pieces of information stored on the end-user machine
  • quote: “Cookies serve the purpose of maintaining user interactions with a web server.”
  • session cookie:
    • until the browser is open
  • persistent cookie:
    • permanently stored on user machine (until expiration date)
  • examples:
    • shopping cart
    • personalised sites
    • user tracking (this is the most common usage)
    • user sessions
  • drawbacks:
    • cookies can be disabled (this is becoming a concern given the privacy efforts in the web space)
    • #security issues, as attackers can gain access to cookies
      • XSS being one of the most famous
      • Cross-Site Request Forgery (CSRF)
  • test for:
    • privacy (accepting or not)
      • mix of accepting some and rejecting others
    • disabling cookies
    • corrupt cookies
    • deleting cookies