When a surfer (reader) checks a website in the browser, the website starts a session (provided that the website is not static) and stores a cookie. This cookie is used by browser to decide the behavior of website during the session.
Why Test Cookies?
European union has asked the EU based sites to notify the surfers if their site uses advertisement which require cookies to be installed in the browser. So such cookies are often require testing so that they are in compliance with the terms of EU or FTC(US). Other than that cookie testing is very important task before releasing web applications that has authentication and transaction features. If you are interested in testing the cookies for your web application. You may want to make use of the test cases mentioned in this article.
Here are some of the sample test cases.
Check if the cookie stored by one website is not being used by another website.
Check if the website stores the cookie in proper location of the browsers cookie storage location.
Check each of the browser cookie storage location are unique.
Check if the cookie does not contain sensitive information like password, username or credit card number and CVV numbers.
Check if the login credentials of one website are not used by obtaining same cookie in another website.
Check if the cookie deletion changes the behavior of website that doesn’t require login or authentication.
Check if the behavior of the website changes after cookie deletion for sites that require authentication.
Check if the website overuses the cookies in an application.
Check the behavior of website if the cookies are disabled.
Check the behavior if the website can’t store the cookies in browser.
Modify the cookie information and observe the behavior of the website or the web service.
Test whether your application is writing cookies or not.
For testing Privacy of Cookies ,Test that no personal or sensitive data is stored in the cookie.
If there is no other option than saving sensitive data in cookie , Test that data stored in cookie is stored in encrypted format.
a. In menu bar, Go to “Tools” and click on “option”.
b. Go to “Privacy”.
c. In section of “history”, select “use custom setting for history” from the dropdown list.
d. For checkbox of “accept third party cookies” , select “ask me every time” from the dropdown list.
Test that user is able to access the web application after disabling the cookies. There should not be any page crash due to disabling the cookies.
Test the functionality of web application by not accepting all the cookies . ie If you are writing 10 cookies in your web application then randomly accept some cookies say accept 5 and reject 5 cookies. For executing this test case you can set browser options to ask whenever cookie is being written to disk. On this alert window you can either accept or reject cookie. Try to access major functionality of web application. And test whether pages are getting crashed or data is getting corrupted.
Test to access the web pages and check the behavior of the pages after deleting all the cookies manually.
Test your web application by Corrupting the Cookies. You know where cookies are stored. Manually edit the cookie in notepad and change the parameters to some other values. Like alter the cookie content, name of the cookie or expiry date of the cookie and test the functionality of web application.
Perform Cookie Testing of your web application on Multiple Browsers: Test whether your web application page is writing the cookies properly on different browsers
If your web application maintain the logging state of any user by help of cookies then test by changing the parameter to different value by editing the cookie. An alert message should be displayed to user and user should not be able to see other users account.