Set cookie in Postman with variable - postman

I'm trying to write some Postman tests that require me to set a cookie. My first request returns a token in a JSON payload. I've pulled this out and stored it in a variable, but I can't seem to inject this into a cookie for further requests.
I get the value for the cookie like:
var json = pm.response.json();
pm.globals.set("my-cookie", json.Token);
I've tried this in the cookie dialog box:
my-cookie={{my-cookie}}; path=/; domain=.myhost.com; Expires=Tue, 19 Jan 2038 03:14:07 GMT;
However, when it sends the cookie it sends the above without replacing the variable, i.e. it has {{my-cookie}} rather than the value of the variable.
I can't see anything in the Postman API that will enable me to set cookies on a request programmatically.
I did see this, but it only mentions adding them via the dialog
https://www.getpostman.com/docs/v6/postman/sending_api_requests/interceptor_extension
I also found this, but could find no mention of how to use it.
https://www.postmanlabs.com/postman-collection/Cookie.html
I'm assuming this is a common requirement and must be missing something obvious. Does anyone know how to do this?

Try using the Headers feature with a key of Cookie and a value of cookieName={{yourVariable}}

In case anyone stumbles upon this question, in the current version there is a special section for setting request cookies on the right-hand side of the request window.

For me it was just inserting {{token}} also.
I had to click the 'whitelist domain' under 'cookies' to whitelist my domain first. Then re-request the request that populates the token.
This got it working.
Note if the cookie has secure set, your baseurl should also include https://

Related

Storing the value of cookie in variable but doesn't appear in cookie data in request body in Jmeter

There are lots of cookies present and I need to extract those cookies and pass them as a POST parameter in further requests. So I have changed the settings for them in the jmeter.property file as
save.cookies=true
check.cookies=false
Then after running the test, I got those cookie value in debug sampler as ${COOKIE_}
EXPECTED:
GET data:
Cookie Data:
private_content_version=e17f5f6a5ed9557378a6f85fa2202c0e;form_key=mCPI56sUAl6bqAJdqq;
Actual Result
GET data:
[no cookies]
I have passed in the value in HTTP header manager as
name=private_content_version
Value=${COOKIE_private_content_version}
name=form_key
Value=${COOKIE_Form_key}
But instead of value, same variable is passed as ${COOKIE_private_content_version}
Also, there are multiple cookies and I need to fetch them too and pass them in further HTTP request payloads, but I am unable to do that. What am I missing? Please help.
Do I need to add the Cookie Manager under each of the HTTP requests, or define it globally?
Also how to define them ?
You don't need to manually add cookies in the HTTP Header Manager, the Cookie Manager should normally handle them.
If for some reason you need to build Cookie header manually make sure to use strict Cookie name and in the value one or more name/value pairs of cookies separated by semicolons
You might find HTTP Cookie Manager Advanced Usage - A Guide article useful, it contains comprehensive information on HTTP Cookie Manager configuration and troubleshooting.

Difference between Response.Cookies and Response.AddHeader "Set-Cookie"

In classic ASP, when I am setting a cookie using Response.Cookies("data1") = "value1" then
I am able to read this cookie using Request.Cookies("data1") on the same page
But when I am using the syntax Response.AddHeader "Set-Cookie", "data2=value2" then
I am not able to read this cookie using Request.Cookies("data2") on the same page.
So what is the difference between these two syntaxes of setting a cookie, and if I want to read the cookie using the second syntax, how should the read statement look?
Both methods set the HTTP header
set-cookie
but with a key difference.
Response.Cookies is a collection that is pre-built then when the response is ready to send, the HTTP header set-cookie is created. This means that for the life of the page where the Cookie collection is specified, the values are available to manipulate as much as you want.
Response.AddHeader() sets the HTTP header set-cookie when the response is sent back to the client, it has no association at all to Response.Cookies() and setting
Response.AddHeader("set-cookie", "...")
will not magically populate the Response.Cookies collection. The only way to populate the Cookies collection without using Response.Cookies() is to make a round trip to the server after Response.AddHeader() has been set.

Set-Cookie for a login system

I've run into a few problems with setting cookies, and based on the reading I've done, this should work, so I'm probably missing something important.
This situation:
Previously I received responses from my API and used JavaScript to save them as cookies, but then I found that using the set-cookie response header is more secure in a lot of situations.
I have 2 cookies: "nuser" (contains a username) and key (contains a session key). nuser shouldn't be httpOnly so that JavaScript can access it. Key should be httpOnly to prevent rogue scripts from stealing a user's session. Also, any request from the client to my API should contain the cookies.
The log-in request
Here's my current implementation: I make a request to my login api at localhost:8080/login/login (keep in mind that the web-client is hosted on localhost:80, but based on what I've read, port numbers shouldn't matter for cookies)
First the web-browser will make an OPTIONS request to confirm that all the headers are allowed. I've made sure that the server response includes access-control-allow-credentials to alert the browser that it's okay to store cookies.
Once it's received the OPTIONS request, the browser makes the actual POST request to the login API. It sends back the set-cookie header and everything looks good at this point.
The Problems
This set-up yields 2 problems. Firstly, though the nuser cookie is not httpOnly, I don't seem to be able to access it via JavaScript. I'm able to see nuser in my browser's cookie option menu, but document.cookie yields "".
Secondly, the browser seems to only place the Cookie request header in requests to the exact same API (the login API):
But, if I do a request to a different API that's still on my localhost server, the cookie header isn't present:
Oh, and this returns a 406 just because my server is currently configured to do that if the user isn't validated. I know that this should probably be 403, but the thing to focus on in this image is the fact that the "cookie" header isn't included among the request headers.
So, I've explained my implementation based on my current understanding of cookies, but I'm obviously missing something. Posting exactly what the request and response headers should look like for each task would be greatly appreciated. Thanks.
Okay, still not exactly sure what was causing the problem with this specific case, but I updated my localhost:80 server to accept API requests, then do a subsequent request to localhost:8080 to get the proper information. Because the set-cookie header is being set by localhost:80 (the client's origin), everything worked fine. From my reading before, I thought that ports didn't matter, but apparently they do.
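One way to build the login response this thread describes, as an added example that is not the poster's code: both cookies are emitted with an explicit Path, and the CORS headers are the ones a credentialed cross-origin request needs. The function names, the allowed origin and the sample values are assumptions.

```javascript
// Added example; names, origin list and values are constructed for illustration.
const ALLOWED_ORIGINS = new Set(['http://localhost']); // web client on port 80

function serializeCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  // Explicit Path=/. Without a Path attribute the browser applies the
  // RFC 6265 default-path: the directory of the request URL, which is
  // /login for a response from /login/login.
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.httpOnly) parts.push('HttpOnly'); // hidden from document.cookie
  if (opts.secure) parts.push('Secure');     // only sent over HTTPS
  parts.push(`SameSite=${opts.sameSite || 'Lax'}`);
  return parts.join('; ');
}

// Returns the response headers for a successful login.
// The client must also opt in, e.g. fetch(url, { credentials: 'include' }).
function buildLoginHeaders(requestOrigin, username, sessionKey, secure = true) {
  const headers = { 'Set-Cookie': [] };
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    // Credentialed CORS requires the exact origin; "*" is rejected by browsers.
    headers['Access-Control-Allow-Origin'] = requestOrigin;
    headers['Access-Control-Allow-Credentials'] = 'true';
    headers['Vary'] = 'Origin';
  }
  // nuser: readable by page script. key: session secret, HttpOnly.
  headers['Set-Cookie'].push(
    serializeCookie('nuser', username, { maxAge: 3600, secure }));
  headers['Set-Cookie'].push(
    serializeCookie('key', sessionKey, { maxAge: 3600, secure, httpOnly: true }));
  return headers;
}
```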

How to store and reuse cookies in Postman?

I'm using Postman to test and play with an API.
For the login url, the API requires sending a POST request with username and password as fields. I do this, and I get a 200 response with the message that I am logged in.
I then try another request to get user data. However, I get a response that I am not logged in.
I realized this problem is most likely because the cookie that is sent to me when I log in is not included in the next Postman request.
So my question is, how do I save and include cookies for future requests?
Store the cookie value you want to use in a global variable. In the Tests tab of the login request, write
postman.setGlobalVariable('key', postman.getResponseCookie("cookieName").value);
Pass along with the value in the Headers tab as a cookie in get user request:
Cookie | cookieName={{key}}
I tried using Ashutosh's answer but got an error. I'm guessing this is because Postman's scripting API changed?
At any rate, the following worked for me:
In the Tests tab of the request that will return cookies you want to save, write
pm.globals.set('<your key>', pm.cookies.get('<cookie name>'));
Then, as described in Ashutosh's answer, add the cookie to the headers by setting the key as cookie and corresponding value as <your cookie name>={{<global variable name>}};.
I found documentation for this at the Postman sandbox API reference.
(Using the native Postman app without the interceptor)
The traditional way of reading the cookie does not work for me: pm.cookies.get('<cookie name>'). Here is a workaround that automatically attaches the auth cookie to all requests within a collection:
// The test scripts below run after the api /login returns the response
const authCookie = pm.response.headers.idx(3).value
/*
pm.response.headers.idx(3) is equal to:
{key: "Set-Cookie", value: "xs=eyJhb; Max-Age=3600; Path=/; Expires=Fri, 18 Dec 2020 04:40:34 GMT; HttpOnly; Secure; SameSite=None"}
*/
const token = authCookie.substring(3, authCookie.indexOf(';'))
pm.collectionVariables.set('xs_value', token);
Then add these pre-request scripts to the entire collection:
// The scripts below run before any request within a collection is sent
const token = pm.collectionVariables.get('xs_value')
pm.request.headers.upsert({ key: 'Cookie', value: `xs=${token}` })
Enjoy!
More info on how to attach headers to requests
It seems there are two Interceptor plugins in Google Chrome. Make sure to install the correct one.
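The Set-Cookie workaround in this thread reads the header by position (idx(3)) and cuts the value at a fixed offset. As an added example, not code from any of the answers, the same extraction can look the cookie up by name and keep its attributes, so a changed header order or a missing HttpOnly/Secure flag is visible. The function names and the sample header list are assumptions; the list uses the {key, value} shape shown in the answer's comment.

```javascript
// Parse one Set-Cookie header value into name, value and attributes.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: not usable
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const k = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    // Flag attributes (HttpOnly, Secure) become true; others keep their value.
    cookie.attrs[k] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// headers: array of {key, value}. Header names are case-insensitive and a
// response may carry several Set-Cookie headers, so scan them all.
function findCookie(headers, name) {
  for (const h of headers) {
    if (h.key.toLowerCase() !== 'set-cookie') continue;
    const c = parseSetCookie(h.value);
    if (c && c.name === name) return c;
  }
  return null;
}

// Value for the Cookie request header, or null if the cookie was not set.
function cookieHeaderFor(headers, name) {
  const c = findCookie(headers, name);
  return c ? `${c.name}=${c.value}` : null;
}

// Constructed sample: the target cookie is not at a fixed index.
const SAMPLE_HEADERS = [
  { key: 'Content-Type', value: 'application/json' },
  { key: 'Set-Cookie', value: 'lang=en; Path=/' },
  { key: 'set-cookie', value: 'xs=eyJhb; Max-Age=3600; Path=/; Expires=Fri, 18 Dec 2020 04:40:34 GMT; HttpOnly; Secure; SameSite=None' },
];
```

In a Postman test script the header array would come from pm.response.headers.all().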

Getting a list of cookies set using WatiN

Is there a way to get a list of all the cookies set by a website using WatiN?
The IE Browser class in WatiN provides a GetCookie method that allows you to retrieve a specific cookie, but I would like to iterate over all the cookies that have been set.
There are two methods that should allow you to get the cookies:
CookieCollection cookies = _browser.GetCookiesForUrl(new Uri(url));
and
CookieContainer cookies = _browser.GetCookieContainerForUrl(new Uri(url));
But both of these are empty. Also calling the GetCookie method for a specific cookie returns null.
Any suggestions of how to get this to work?
Recently I had to deal with this situation. At first I thought the cookies I was looking for were HttpOnly, but I took a look using Wireshark and there was no HttpOnly flag.
Not sure why GetCookieContainerForUrl fails in this case, but a client side script call revealed the cookies were still there:
ie.Eval("document.cookie");
You might want to try that statement before resorting to packet sniffing every time.
Well, I suppose those methods should work as expected, but maybe you are trying to get HttpOnly cookies? Many sites/web frameworks set this flag for important cookies, especially when it comes to "session id" cookies. You can't read them in WatiN and it's really hard to read them at all. I was looking for a solution once and the only one I got was the article: Retrieve HttpOnly Session Cookie in WebBrowser
If you want to know if the site you are trying to get cookies from is setting the HttpOnly flag on the cookie, use Fiddler2 and look in the response headers.