A cookie is a small piece of information sent by a web server to store on a web browser so that it can later be read by the browser. This way, the browser remembers some specific personal information. If a Hacker gets hold of the cookie information, it can lead to security issues.
Here are some important properties of cookies −
They are usually small text files, given ID tags that are stored on your computer's browser directory.
They are used by web developers to help users navigate their websites efficiently and perform certain functions.
When the user browses the same website again, the data stored in the cookie is sent back to the web server to notify the website of the user’s previous activities.
Cookies are unavoidable for websites that have huge databases, need logins, have customizable themes.
The cookie contains the following information −
Session Cookies − These cookies are temporary which are erased when the user closes the browser. Even if the user logs in again, a new cookie for that session is created.
Persistent cookies − These cookies remain on the hard disk drive unless user wipes them off or they expire. The Cookie's expiry is dependent on how long they can last.
Here are the ways to test the cookies −
Disabling Cookies − As a tester, we need to verify the access of the website after disabling cookies and to check if the pages are working properly. Navigating to all the pages of the website and watch for app crashes. It is also required to inform the user that cookies are required to use the site.
Corrupting Cookies − Another testing to be performed is by corrupting the cookies. In order to do the same, one has to find the location of the site's cookie and manually edit it with fake / invalid data which can be used access internal information from the domain which in turn can then be used to hack the site.
Removing Cookies − Remove all the cookies for the website and check how the website reacts to it.
Cross-Browser Compatibility − It is also important to check that cookies are being written properly on all supported browsers from any page that writes cookies.
Modern browsers support viewing/editing of the cookies inform within the Browser itself. There are plugins for mozilla/chrome using which we are able to perform the edit successfully.
The steps should be performed to Edit a cookie −
Download the plugin for Chrome from here
Edit the cookie value just by accessing the 'edit this cookie' plugin from chrome as shown below.