cy.clearCookies should clear *ALL* cookies of all domains

[brian-mann]

After extensive R&D we've decided to deviate from the Webdriver spec and enhance clearing cookies to include all domains.

By default, Webdriver will only ever clear cookies based on the current domain context. So if you are visiting http://localhost and you issue HTTP requests to other domains (which set cookies) - those cookies will not be cleared.

We currently respect this spec, and our own cookie implementations also have this same restriction.

However, this is really just a limitation of Webdriver - and not necessarily something Cypress ever has to abide to. We've built Cypress with cross browser functionality in mind, and any time we deviate from the Webdriver spec, we are forced to ensure we can create compatibility across all other browsers.

Even though we don't support cross browsers now, it's a fundamental part of our strategy and we intend to support them down the road.

What is the proposed change?

• cy.clearCookies will clear all cookies on all domains, irrespective of the current browsing context
• Between tests Cypress automatically clears cookies as well, and it will also clear all cookies across all domains.

How will Cypress be able to consistently clear all cookies?

Cypress's architecture is completely different than that of Webdriver, which puts us in a unique situation to do lots of low level network tricks to pull this off.

While this is subject to change, the way this can be done is by inspecting all of the network traffic that goes through the browser (and therefore Cypress, as we already do), and for all domains, we can manually keep track of all the domains with cookies having been set on them.

At the end of the test, or on a cy.clearCookies command, we can then issue multiple HTTP requests out of the browser (through the Cypress driver) to these various endpoints.

Instead of allowing those requests to pass onto the remote server, Cypress will trap the requests, and automatically respond to the requests by issuing a Set-Cookie header for each cookie that needs to be cleared by setting the Max-Age or Expires directive.

The browser will then run its natural course and clear all of the cookies. This will be a bit slower than programatic API's, but will only have to be done when the browser does not expose any kind of automation API to achieve the same result programatically.

Related issues

• Cookies for third-party domains aren't cleared upon exit #391

[lode]

I think I'm having this same issue (that they are not cleared at the moment). I have the following script:

1. clearCookies()
2. request() my application's login route (which backend requires you to not already be logged in
3. run tests

Right now this fails in some situations. I find it hard to get a clear repro, but it seems to be when already logged in before.

The workaround I found (which sounds the same as this issue) is to first do a visit() on my application's domain as step 0. Then indeed the clearCookies() relates to my application's domain and the login works fine.

Maybe in the meantime we should update the docs to make this a bit more clear.
But of course I'd love to see this implemented.

[monirsf]

is there a timeline when this will be resolved?

[JBanas]

Is there any update on this issue?

[GrayedFox]

Why you shouldn't post "+1", "me too", or some form of "yup" in any GitHub thread

[jennifer-shehane]

Similarly, we want to ensure localStorage is cleared for all domains when using cy.clearLocalStorage() #2573

[ojame]

This is a genuine issue for us:

• We're testing multiple authenticated states (different roles), two have different cookies and one has no cookie at all (anonymous).
• We're testing embedded content, so the domain of the test is not the domain our cookies are set against, as the cookies are set with the domain of the embedded (iframe) content.
• We set the cookies manually using cy.setCookie, however in some situations our embedded content will set the cookie automatically

cy.clearCookies doesn't clear our cookies because they're not in a first-party context. We can't even overwrite the automatic cookies (this would be enough) because cy.setCookie prefixes cookies with a ., as explained in this issue.

[macpham]

This would be very useful for apps that might use a hosted login page from another domain.

[InsaneViku]

Hi team,

Is there a timeline on when we can expect this particular issue to be resolved? This is hindering some automation tests I'm building when utilizing cy.request to make requests. In this suite of tests I've created, it's necessary to clear cookies before each cy.request invocation, and in my particular case, cy.request is the way to go in making requests. I've had to use workarounds, such as the one documented by another user in #1547, so I can continue forward. However, this isn't ideal for maintenance reasons.

I hope someone can respond soon - it seems many others are also relying on this issue to be fixed, and it's been a year since there's been any update on this thread from a team member. If there's another spot we should look to for updates, it would be helpful to let us know of that as well (apologies in advance if that's been pointed out/documented as well).

Thanks!

[eliOcs]

I use a thirdparty service to handle authentication this means that the authentication cookies are set on a different domain to the one I'm actually testing. Until this new feature is introduced is there a workaround? How can I remove the cookies for all domains between test runs for now?
In my case I found a workaround which is to have a logout call before each test.

[8BitJonny]

I was just browsing through different issues regarding this problem and found something in this this #5657 PR. The topic of the PR seems not to be relevant at first but this comment #5657 (comment) in there says:

I think the failures in the tests are just because we don't clear all cookies of all domains after each test (see #408 ), a cy.clearCookies({ domain: null }) should fix these up... I will look at this some more tomorrow.

I tried this out although its not documented that the cy.clearCookies() function accepts a domain property inside the config object but its actually does and it worked for me.

So what is it @brian-mann @jennifer-shehane ? Is it undocumented functionality or is not supposed to be used ?

[tho-masn]

For me doing cy.clearCookies() two times in a row also fixes the issue (also in Cypress 5.1)

[carlos-cne]

cy.clearCookies({ domain: null }) does not work with Cypress 4.6.0 and TypeScript.

Argument of type '{ domain: null; }' is not assignable to parameter of type 'Partial<Loggable & Timeoutable>'.
  Object literal may only specify known properties, and 'domain' does not exist in type 'Partial<Loggable & Timeoutable>'.

You can add in the support folder an index.d.ts file and overwrite the clearCookies function.

// eslint-disable-next-line spaced-comment
/// <reference types="cypress" />

interface IClearCookies {
  domain?: string | null;
}
declare namespace Cypress {
  interface Chainable {
    clearCookies(
      options?:
        | Partial<Cypress.Loggable & Cypress.Timeoutable>
        | IClearCookies
        | undefined,
    ): Cypress.Chainable<null>;
}

Also, it works for me on Cypress 6.3.0

[apexearth]

Clearing an individual cookie with { domain: null } doesn't seem to work so I have to resort to some hackery to make it happen...

Feels icky.

const lastRequest = response.allRequestResponses[response.allRequestResponses.length - 1];
const cookies = lastRequest['Request Headers'].cookie.split('; ').map(cookie => cookie.split('='));
cy.clearCookies({ domain: null });
for (const [key, value] of cookies.filter(([key]) => key !== 'cookie-to-remove')) {
  cy.setCookie(key, value, { domain: '.example.com' });
}

[ggiunta]

Hey Guys, any update on this?

[pietmichal]

Wasted a big chunk of my day trying to figure out why my session is still in place after clearing cookies.

It's been almost 5 years. Surely this should be a simple thing to change?

edit: Calling cy.clearCookie() twice cleared the cookies. I'm on 8.3.1.

[giannif]

Spent all day on this too. cy.clearCookie() twice does not work for me on 9.1.1

[konstantinschuette]

How is this still not implemented after five years?

[mattvb91]

This is still broken. Clearcookies() does not work

[AtofStryker]

related to #24265

[nagash77]

@chrisbreiding does your cookie work address this issue?

[chrisbreiding]

@nagash77 This will be addressed when we add cy.clearAllCookies().

[emilyrohrbough]

In v12.0.0 (soon-to-be-released), we are introducing the concept of Test Isolation which partially covers the ask in this issue since it will clear all cookies in all domains before each tests.

The remaining work will be handled in #24265 which @chrisbreiding is working.

[cypress-bot]

The code for this is done in cypress-io/cypress#25012, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

[cypress-bot]

Released in 12.1.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v12.1.0, please open a new issue.