Skip to content

Latest commit

 

History

History
58 lines (43 loc) · 2.17 KB

File metadata and controls

58 lines (43 loc) · 2.17 KB

Cookie Assertions

Cookie assertions let you verify browser cookies — check existence, values, and security attributes like httpOnly, secure, and sameSite.

How Capture Works

Cookies are captured as a point-in-time snapshot when the checkpoint triggers:

  • On-demand capture: Cookies are read from the browser context at the moment the assertion runs — not accumulated over time
  • Current state only: You see exactly what cookies exist right now, including any set by the page's JavaScript or server responses
  • All cookies visible: Unlike document.cookie in JavaScript, KaneAI can see httpOnly cookies too
  • Domain-scoped: Cookies are captured for all domains the browser has visited in this session

Planning for Multi-Step Tests

Because cookies are captured at assertion time:

  • If you need to check cookies set by a specific page, assert on the same page or after you've visited it
  • If cookies are needed in a later step (e.g., after navigating away), extract and store them first
  • Cookies persist in the browser across steps (unlike network/console which reset) — but asserting on a different domain may show different cookies

What You Can Query

Field Type Description
name string Cookie name (e.g., "session_id")
value string Cookie value
domain string Domain (e.g., ".example.com")
path string Cookie path (e.g., "/")
expires float Expiry as epoch seconds (-1 for session cookies)
http_only bool True if HttpOnly flag is set
secure bool True if Secure flag is set
same_site string "Strict", "Lax", or "None"

Example Assertions

Assert: a cookie named "session_id" exists
Assert: the session cookie is httpOnly
Assert: no cookies are set without the Secure flag
Assert: at least 3 cookies are set on the page
Assert: the auth cookie has sameSite set to "Strict"

Example Extractions

Store all cookies
Extract the value of the "session_id" cookie
Store all cookie names
Get all cookies for the example.com domain

Example If/Else

If a cookie named "auth_token" exists then go to dashboard, else go to login