Cookie control with collection runs

[nlwillia]

I'm testing with a service that sets an unwanted session cookie in the response. If I visit that service in Postman, the cookie is being saved and replayed for later requests.

I've identified several ways to submit a new request without the cookie...

1. Implement a reset feature in the service that clears the cookie and request it from Postman before making a new service request from the domain/path. (This is not an option if dealing with a 3rd party service.)
2. Route requests through a proxy that strips the Set-Cookie response header.
3. Exit Postman and all instances of Chrome including the background process that Chrome runs in the Windows notification area if the "Continue running background apps when Google Chrome is closed" browser setting is checked. Then restart. (Don't think this would work for a non-session cookie.)
4. Install and enable the Interceptor plugin so that the browser's cookie store is used. Open Chrome to chrome://settings/cookies and manually remove the unwanted cookies before each request. Setting the Cookie header manually from within Postman in Interceptor mode can override the cookie that is sent (Cookie: unwanted-cookie=), but not remove it from the request completely.

None of these are very convenient. Is there a better way to forcibly disable any sort of cookie header being sent?

edit: 2018-04-20 This was originally logged against the Chrome app which has since been deprecated in favor of the native apps. The native apps don't appear to have the same browser-level constraint that made cookie management in Chrome a non-starter. There's now a Cookies link that pops a MANAGE COOKIES modal where cookies can be added or removed. This is an improvement as it's now possible to directly remove an unwanted cookie. Unfortunately there still doesn't seem to be a way to disable cookies entirely. However, the Pre-request Script option is promising as a way to run script to configure things that aren't supported in the UI. This does not appear to support cookie manipulation, but there's a recent issue suggesting it. If that's possible and gets done, then that will become a way to (finally) address this use case.

An aside to all the +1-ers out there, Github has had reactions for over 2 years now; please use them!

[richarddavenport]

I agree. I would love to be able to see the cookies and clear or edit them.

[b0elter]

+1

[abhijitkane]

This is currently a limitation of the Chrome platform - packaged apps do not have access to Cookies that have been set, nor is there a way to edit/delete them. There are 2 bugs filed on crbug - https://code.google.com/p/chromium/issues/detail?id=236585, https://code.google.com/p/chromium/issues/detail?id=152758

Still waiting for a response on these.

[dbalabka]

+1 . My current solution is:

1. Open any page on the same domain in GoogleChrome
2. Open Developer tools(F12)
3. In Developers tool tab Resources clear all cookies before each request 😄 It's very annoying but works
   

[ghost]

+1 to have the option to send a request without cookies.

[philals]

+1

[tobilarscheid]

+1

[divayprakash]

+1

[akirayamamoto]

+1

[PiWhy]

+1

[lshapsa]

+1

[cychai]

+1

Postman v0.9.6 – Access cookies and restricted headers. Plus better tests!

[matthewkimber]

+1

[kimek]

+1

[dteirney]

+1

[jeremypaskalicimpress]

+1

[ericcarino]

+1

[sdnts]

Hey guys, cookie management is a limitation of the Chrome platform, but it is possible in the native apps. Could you give them a shot and check if that is easier? You can download our native apps for OSX/Windows/Linux here.

[dteirney]

I've been using the native application for some time now. While you can delete cookies manually I can't find any setting or preference to prevent cookies being stored in the first place. This makes it seemingly impossible to use the collection runner and not have the results affected by the cookies that are stored.

[bkubiak]

Hey, could you add possibility to disable cookies in Mac OS native app? I can delete them manually, but this is very inconvenient.

[ayancey]

+1

[SidhantDuggal]

I've been using the native application. I can't find any setting or preference to prevent cookies being stored in the first place. This makes it apparently impossible to use the collection runner without affecting the results ( by the erstwhile cookies ).

[garmoshka-mo]

Actually this extension is useless for rails REST testing, though it could be convenient tool, because many cool useful UI-features implemented.
Hm, why authors of this app are so.. "specific"? Put so much efforts to create application, which can't be used because of small stick in the wheels

[DanielStoica85]

@madebysid Any update on this?

[sdnts]

Work on making cookies manageable from pre-request / test scripts is underway, I'll let you guys know here when we have something :)

[plumpNation]

+1

[shamasis]

@codenirvana based on our last review of cookie related issues, let’s add cookie syncing / persisting controls before and after runs. that would unblock a number of related use cases.

[shamasis]

We were thinking of ways to address all use cases in this and take this up ASAP. So, here are the thoughts:

We solve it in two parts: (1) Add session control on runner start and stop (2) Add cookie control API within scripts

1. By session control, I mean you get to choose what you want to carry over from the main window when run starts and for every subsequent run.
   -- For a run, you can choose to start with a fresh session and that would use initial values for environment and blank cookie jar.
   -- You can also choose what to do with cookies when run ends (just like what is available with the "persist variables" feature.)

2. For other use cases where one needs to clear cookies at special points in run as well as on iteration change, etc... we open up pm.cookies or some variant of it that has access to entire Cookie Jar and can be manipulated programmatically at any point.

[fabOnReact]

where to find the cookies management in the native app

[Bluscream]

HOW TO DO THIS?

[fabOnReact]

@Bluscream better not using all caps, please edit your message
the screen is from the postman ubuntu desktop app. The rest is self-explanatory

[vikiCoder]

Hello everyone,

We have added the following options in collection runner to provide more control over cookies while running a collection:

• Run collection without using stored cookies
• Save cookies after collection run

These options are available in Postman App version 7.1.0 or later. Below is a screenshot showing off these options in runner window.

Screenshot:

[regisbsb]

@vikiCoder This does not help when you need to clear the cookies as part of a request. It would be very nice just to add cookie manipulation to the script

[vikiCoder]

@regisbsb We are working on improving cookies UI in the App with more options to manage cookies as well as allowing cookies control from scripts. There is no final release date for those features yet. Stay tuned for the updates.

[theLucasAntunes]

@vikiCoder As a user who rarely uses the Collection Runner, but test individual requests instead, I find this to be a very niche-focused improvement. I'm not saying it's a bad feature, but we could have this setting for each request.. Maybe a simple checkbox inside the existing "Cookies" window.

[shamasis]

@KrilMun @regisbsb ... the programmatic access of cookies are being worked upon as I type. :-) You would be able to white-list a set of domains that would be programmatically manipulated. Will release in Canary soon and I hope to get feedback. :-)

[brettsamann]

Is there an ETA for that feature? It will be a huge help to some of the workflows I have.

[codenirvana]

We've added support for programmatic cookie access in our Canary channel https://www.getpostman.com/canary

Refer #3312 (comment) for detailed documentation.

Everyone, please try it out and share the feedback.
Will update the thread once we release this on our stable channel.

[shamasis]

@brettsamann @KrilMun @regisbsb - would greatly appreciate any feedback around the programmatic access before we roll it out to production in weeks.

[codenirvana]

We've added support for programmatic cookie access in the latest version of the Postman app (v7.6.0). Refer #3312 (comment) for more details.

[iamkarlson]

Whoever switch it on by default for all the users made a huge mistake. This is super annoying and cause a lot of troubles already.