1

I have a list of cookies in my response that has secure=true which is not accessible by the pm.cookies.jar()

This results in an issue where i wanted to clear all the cookies under a domain, which does not happen with the below code on the secure cookies.

const jar = pm.cookies.jar();
var domain = pm.environment.get("envUrl");    
jar.clear(domain, function (error){
    if(error)
    {
        console.log("error",error);
    }
});

After this script is run, i could see that the secure cookies are NOT cleared from the manage cookies window.

Using: Postman for Windows - Version 7.16.1 - win32 10.0.14393 / x64

Example: enter image description here

Jeeva
  • 438
  • 4
  • 12
  • Is the domain whitelisted? If it's not in there, you won't be able it access it in the scripts. https://learning.getpostman.com/docs/postman/sending-api-requests/cookies/#whitelisting-domains-for-programmatic-access-of-cookies – Danny Dainton Jan 31 '20 at 11:35
  • the domain is whitelisted, the script clears the cookies under the domain that have secure=false and does NOT clear the cookies that have secure=true – Jeeva Jan 31 '20 at 13:24
  • @DannyDainton updated issue with an example. Seems to be a bug with postman. please confirm. – Jeeva Jan 31 '20 at 13:49
  • If it is a bug, this probably isn't the best place for it to be fixed. Can you raise this on the Github issue tracker please. https://github.com/postmanlabs/postman-app-support/issues – Danny Dainton Jan 31 '20 at 14:25
  • 2
    Github issue: https://github.com/postmanlabs/postman-app-support/issues/7977 – Jeeva Jan 31 '20 at 14:50

1 Answers1

0

I think i have a workaround for this case until the bug is solved.

postman.getResponseCookie("Cookie name");

This still can access cookie with secure=true and using pm.cookies.jar() and set(), I set cookie with the same name as Secure cookie.

This removes the Secure flag from the cookie set. Now all operations (get, unset, clear) can be used on that cookies using pm.cookies.jar().

Note that set() creates a cookie with hostOnly=true, so the set cookies are only accessible when the request URL has the same host as the set cookie.

var responseCookie= postman.getResponseCookie("CookieName");
responseCookie= responseCookie.value.toString();

const cookieJar = pm.cookies.jar();
var domain = pm.environment.get("envUrl");
cookieJar.set(domain,"CookieName",responseCookie,function(error,cookie){});

cookieJar.clear(domain, function (error){});
Jeeva
  • 438
  • 4
  • 12