Semeena.A

• Dec 4th, 2006

 

Different type of Cookie testings

1. Disabling Cookies- This is probably the easiest area of cookie testing. What happens to the Web site if all cookies are disabled? Start by closing all instances of your browser and deleting all cookies from your PC set by the site under test. The cookie file is kept open by the browser while it?s running, so you must close the browser to delete the cookies. Closing the browser also removes any per-session cookies in memory.Disable all cookies and attempt to use the site?s major features and functions. Most of the time, you will find that these sites won?t work when cookies are disabled. This isn?t a bug, but rather a fact of life: disabling cookies on a site that requires cookies (of course!) disables the site?s functionality.

2. Selectively Rejecting Cookies- What happens to the site if some cookies are accepted and others are rejected? Start by deleting all cookies from your PC set by the site under test and set your browser?s cookie option to prompt you whenever a Web site attempts to set a cookie. Exercise the site?s major functions. You will be prompted for each and every cookie the site attempts to set. Accept some and reject others. (Analyze site cookie usage in advance and draw up a test plan detailing what cookies to reject/accept for each function.) How does the site hold up under this selective cookie rejection? As above, does the Web server detect that certain cookies are being rejected and respond with an appropriate message? Or does the site malfunction, crash, corrupt data, or misbehave in other ways?

3. Corrupting Cookies- Along the way, as cookies are created and modified, try things like

        a. Altering the data in the persistent cookies. Since the per-session cookies are stored only in memory, they aren?t readily accessible for editing.

         b. Selectively deleting cookies. Allow the cookie to be written (or modified), perform several more actions on the site, then delete that cookie. Continue using the site. What happens? Is it easy to recover? Any data loss or corrupted? 

4. Cookie Encryption - While investigating cookie usage on the site you?re testing, pay particular attention to the meaning of the cookie data. Sensitive information like usernames and passwords should NOT be stored in plain text for all the world to read; this data should be encrypted before it is sent to your computer.