What are cookies?

  • Cookies are pieces of information that websites place in the browser to:
    • track users
    • store a variety of data, such as tokens for authentication, user preferences, etc.
  • Cookies 🍪 in web development

When were cookies introduced?

  • Cookies Wikipedia
    • Cookies were first introduced by Netscape in an attempt to store user’s session data.

Set cookies across domains

  • Stack Overflow thread with the raw definition and how to set it with JavaScript
  • a leading dot is not required, as per RFC 6265 and MDN
  • testing across domains is challenging; is there an alternative to only testing them in each subdomain?
    • The Stack Overflow thread has a discussion on the topic; it is worth mentioning to be careful with CORS
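
Added example (not code from the Stack Overflow thread, MDN or the RFC): how a browser handles the Domain attribute under RFC 6265, showing why the leading dot makes no difference and which hosts then receive the cookie. The host names are constructed, and public-suffix checks and IPv6 literals are left out.

```javascript
// Domain attribute handling per RFC 6265 sections 5.1.3, 5.2.3 and 5.3.
// Models what happens after e.g. document.cookie = "k=v; Domain=.example.com".
// Not modelled: public-suffix rejection, IPv6 literals.

const isIPv4 = (host) => /^\d{1,3}(\.\d{1,3}){3}$/.test(host);

// Section 5.2.3: lower-case the value and drop one leading dot.
function normalizeDomainAttribute(value) {
  const v = value.trim().toLowerCase();
  return v.startsWith(".") ? v.slice(1) : v;
}

// Section 5.1.3: identical, or a suffix that starts on a label boundary
// (and the host is a name, not an IP address).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  if (host === cookieDomain) return true;
  return !isIPv4(host) && host.endsWith("." + cookieDomain);
}

// Section 5.3 step 6: what the browser stores for a cookie set by requestHost.
// Returns null when the cookie is ignored entirely.
function storeDecision(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  const domain = domainAttr == null ? "" : normalizeDomainAttribute(domainAttr);
  if (domain === "") return { domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Would a stored cookie be sent to targetHost?
function isSentTo(stored, targetHost) {
  const host = targetHost.toLowerCase();
  return stored.hostOnly ? host === stored.domain : domainMatch(host, stored.domain);
}

// Constructed cases: [host that sets the cookie, Domain attribute value].
const cases = [
  ["app.example.com", ".example.com"],  // leading dot is stripped
  ["app.example.com", "example.com"],   // same result without the dot
  ["app.example.com", null],            // no Domain: host-only cookie
  ["app.example.com", "other.example"], // foreign domain: ignored
  ["app.example.com", "ample.com"],     // suffix but not on a label boundary
];
for (const [host, attr] of cases) {
  const stored = storeDecision(host, attr);
  const sibling = stored ? isSentTo(stored, "shop.example.com") : "n/a";
  console.log(host, JSON.stringify(attr), "->", JSON.stringify(stored), "sibling:", sibling);
}
```

A cookie set without a Domain attribute stays host-only, which is the narrower scope when only one subdomain needs it.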

Testing cookies

  • Website Cookie Testing & Test Cases For Testing Web Application Cookies
    • cookies are pieces of information stored on the end-user machine
    • quote: “Cookies serve the purpose of maintaining user interactions with a web server.”
    • session cookie:
      • lasts only while the browser is open
    • persistent cookie:
      • permanently stored on the user's machine (until the expiration date)
    • examples:
      • shopping cart
      • personalised sites
      • user tracking (this is the most common usage)
      • user sessions
    • drawbacks:
      • cookies can be disabled (this is becoming a concern given the privacy efforts in the web space)
      • security issues, as attackers can gain access to cookies
        • XSS being one of the most famous
        • Cross-Site Request Forgery (CSRF)
    • test for:
      • privacy (accepting or not)
        • mix of accepting some and rejecting others
      • disabling cookies
      • corrupt cookies
      • deleting cookies