Important Test Cases for Cookies Testing of Web Applications:
1.Test whether your application is writing cookies or not.
2.For testing Privacy of Cookies ,Test that no personal or sensitive data is stored in the cookie.
3.If there is no other option than saving sensitive data in cookie , Test that data stored in cookie is stored in encrypted format.
a. In menu bar, Go to "Tools" and click on "option".
b. Go to "Privacy".
c. In section of "history", select "use custom setting for history" from the dropdown list.
d. For checkbox of "accept third party cookies" , select "ask me every time" from the dropdown list.
5.Test that user is able to access the web application after disabling the cookies. There should not be any page crash due to disabling the cookies.
6. Test the functionality of web application by not accepting all the cookies . ie If you are writing 10 cookies in your web application then randomly accept some cookies say accept 5 and reject 5 cookies. For executing this test case you can set browser options to ask whenever cookie is being written to disk. On this alert window you can either accept or reject cookie. Try to access major functionality of web application. And test whether pages are getting crashed or data is getting corrupted.
7.Test to access the web pages and check the behavior of the pages after deleting all the cookies manually.
8.Test your web application by Corrupting the Cookies. You know where cookies are stored. Manually edit the cookie in notepad and change the parameters to some other values. Like alter the cookie content, name of the cookie or expiry date of the cookie and test the functionality of web application.
9.Perform Cookie Testing of your web application on Multiple Browsers: Test whether your web application page is writing the cookies properly on different browsers
10.If your web application maintain the logging state of any user by help of cookies then test by changing the parameter to different value by editing the cookie. An alert message should be displayed to user and user should not be able to see other users account.