Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cy.clearCookies should clear *ALL* cookies of all domains #408

Closed
brian-mann opened this issue Feb 1, 2017 · 39 comments · Fixed by #25012
Closed

cy.clearCookies should clear *ALL* cookies of all domains #408

brian-mann opened this issue Feb 1, 2017 · 39 comments · Fixed by #25012
Assignees
Labels
pkg/driver This is due to an issue in the packages/driver directory topic: cookies 🍪 topic: session Issues when using session command type: enhancement Requested enhancement of existing feature v12.0.0 🐛

Comments

@brian-mann
Copy link
Member

brian-mann commented Feb 1, 2017

After extensive R&D we've decided to deviate from the Webdriver spec and enhance clearing cookies to include all domains.

By default, Webdriver will only ever clear cookies based on the current domain context. So if you are visiting http://localhost and you issue HTTP requests to other domains (which set cookies) - those cookies will not be cleared.

We currently respect this spec, and our own cookie implementations also have this same restriction.

However, this is really just a limitation of Webdriver - and not necessarily something Cypress ever has to abide to. We've built Cypress with cross browser functionality in mind, and any time we deviate from the Webdriver spec, we are forced to ensure we can create compatibility across all other browsers.

Even though we don't support cross browsers now, it's a fundamental part of our strategy and we intend to support them down the road.

What is the proposed change?

  • cy.clearCookies will clear all cookies on all domains, irrespective of the current browsing context
  • Between tests Cypress automatically clears cookies as well, and it will also clear all cookies across all domains.

How will Cypress be able to consistently clear all cookies?

Cypress's architecture is completely different than that of Webdriver, which puts us in a unique situation to do lots of low level network tricks to pull this off.

While this is subject to change, the way this can be done is by inspecting all of the network traffic that goes through the browser (and therefore Cypress, as we already do), and for all domains, we can manually keep track of all the domains with cookies having been set on them.

At the end of the test, or on a cy.clearCookies command, we can then issue multiple HTTP requests out of the browser (through the Cypress driver) to these various endpoints.

Instead of allowing those requests to pass onto the remote server, Cypress will trap the requests, and automatically respond to the requests by issuing a Set-Cookie header for each cookie that needs to be cleared by setting the Max-Age or Expires directive.

The browser will then run its natural course and clear all of the cookies. This will be a bit slower than programatic API's, but will only have to be done when the browser does not expose any kind of automation API to achieve the same result programatically.

Related issues

@brian-mann brian-mann self-assigned this Feb 1, 2017
@brian-mann brian-mann added type: enhancement Requested enhancement of existing feature type: feature New feature that does not currently exist and removed type: feature New feature that does not currently exist labels Feb 1, 2017
@jennifer-shehane jennifer-shehane added the pkg/driver This is due to an issue in the packages/driver directory label Feb 3, 2017
@lode
Copy link

lode commented Apr 29, 2017

I think I'm having this same issue (that they are not cleared at the moment). I have the following script:

  1. clearCookies()
  2. request() my application's login route (which backend requires you to not already be logged in
  3. run tests

Right now this fails in some situations. I find it hard to get a clear repro, but it seems to be when already logged in before.

The workaround I found (which sounds the same as this issue) is to first do a visit() on my application's domain as step 0. Then indeed the clearCookies() relates to my application's domain and the login works fine.

Maybe in the meantime we should update the docs to make this a bit more clear.
But of course I'd love to see this implemented.

@monirsf
Copy link

monirsf commented Jan 30, 2018

is there a timeline when this will be resolved?

@JBanas
Copy link

JBanas commented Mar 19, 2018

Is there any update on this issue?

@avevlad

This comment has been minimized.

@erik-r-peterson

This comment has been minimized.

@MmtBkn

This comment has been minimized.

@GrayedFox
Copy link

GrayedFox commented Sep 24, 2018

Why you shouldn't post "+1", "me too", or some form of "yup" in any GitHub thread

@jennifer-shehane
Copy link
Member

Similarly, we want to ensure localStorage is cleared for all domains when using cy.clearLocalStorage() #2573

@ojame
Copy link

ojame commented Oct 11, 2018

This is a genuine issue for us:

  • We're testing multiple authenticated states (different roles), two have different cookies and one has no cookie at all (anonymous).
  • We're testing embedded content, so the domain of the test is not the domain our cookies are set against, as the cookies are set with the domain of the embedded (iframe) content.
  • We set the cookies manually using cy.setCookie, however in some situations our embedded content will set the cookie automatically

cy.clearCookies doesn't clear our cookies because they're not in a first-party context. We can't even overwrite the automatic cookies (this would be enough) because cy.setCookie prefixes cookies with a ., as explained in this issue.

@macpham
Copy link

macpham commented Jun 4, 2019

This would be very useful for apps that might use a hosted login page from another domain.

@aaalrightalrightalright

Hi team,

Is there a timeline on when we can expect this particular issue to be resolved? This is hindering some automation tests I'm building when utilizing cy.request to make requests. In this suite of tests I've created, it's necessary to clear cookies before each cy.request invocation, and in my particular case, cy.request is the way to go in making requests. I've had to use workarounds, such as the one documented by another user in #1547, so I can continue forward. However, this isn't ideal for maintenance reasons.

I hope someone can respond soon - it seems many others are also relying on this issue to be fixed, and it's been a year since there's been any update on this thread from a team member. If there's another spot we should look to for updates, it would be helpful to let us know of that as well (apologies in advance if that's been pointed out/documented as well).

Thanks!

@eliOcs
Copy link

eliOcs commented Nov 19, 2019

I use a thirdparty service to handle authentication this means that the authentication cookies are set on a different domain to the one I'm actually testing. Until this new feature is introduced is there a workaround? How can I remove the cookies for all domains between test runs for now?
In my case I found a workaround which is to have a logout call before each test.

@8BitJonny
Copy link

I was just browsing through different issues regarding this problem and found something in this this #5657 PR. The topic of the PR seems not to be relevant at first but this comment #5657 (comment) in there says:

I think the failures in the tests are just because we don't clear all cookies of all domains after each test (see #408 ), a cy.clearCookies({ domain: null }) should fix these up... I will look at this some more tomorrow.

I tried this out although its not documented that the cy.clearCookies() function accepts a domain property inside the config object but its actually does and it worked for me.

So what is it @brian-mann @jennifer-shehane ? Is it undocumented functionality or is not supposed to be used ?

@tho-masn
Copy link

tho-masn commented Sep 7, 2020

For me doing cy.clearCookies() two times in a row also fixes the issue (also in Cypress 5.1)

@carlos-cne
Copy link

carlos-cne commented Jan 26, 2021

cy.clearCookies({ domain: null }) does not work with Cypress 4.6.0 and TypeScript.

Argument of type '{ domain: null; }' is not assignable to parameter of type 'Partial<Loggable & Timeoutable>'.
  Object literal may only specify known properties, and 'domain' does not exist in type 'Partial<Loggable & Timeoutable>'.

You can add in the support folder an index.d.ts file and overwrite the clearCookies function.

// eslint-disable-next-line spaced-comment
/// <reference types="cypress" />

interface IClearCookies {
  domain?: string | null;
}
declare namespace Cypress {
  interface Chainable {
    clearCookies(
      options?:
        | Partial<Cypress.Loggable & Cypress.Timeoutable>
        | IClearCookies
        | undefined,
    ): Cypress.Chainable<null>;
}

Also, it works for me on Cypress 6.3.0

@apexearth
Copy link

Clearing an individual cookie with { domain: null } doesn't seem to work so I have to resort to some hackery to make it happen...

Feels icky.

const lastRequest = response.allRequestResponses[response.allRequestResponses.length - 1];
const cookies = lastRequest['Request Headers'].cookie.split('; ').map(cookie => cookie.split('='));
cy.clearCookies({ domain: null });
for (const [key, value] of cookies.filter(([key]) => key !== 'cookie-to-remove')) {
  cy.setCookie(key, value, { domain: '.example.com' });
}

@ggiunta
Copy link

ggiunta commented Nov 9, 2021

Hey Guys, any update on this?

@pietmichal
Copy link

pietmichal commented Dec 8, 2021

Wasted a big chunk of my day trying to figure out why my session is still in place after clearing cookies.

It's been almost 5 years. Surely this should be a simple thing to change?

edit: Calling cy.clearCookie() twice cleared the cookies. I'm on 8.3.1.

@giannif
Copy link

giannif commented Dec 8, 2021

Spent all day on this too. cy.clearCookie() twice does not work for me on 9.1.1

@konstantinschuette
Copy link

How is this still not implemented after five years?

@mattvb91
Copy link

mattvb91 commented Oct 4, 2022

This is still broken. Clearcookies() does not work

@chrisbreiding chrisbreiding added the topic: session Issues when using session command label Oct 4, 2022
@AtofStryker
Copy link
Contributor

related to #24265

@nagash77
Copy link
Contributor

@chrisbreiding does your cookie work address this issue?

@chrisbreiding
Copy link
Contributor

@nagash77 This will be addressed when we add cy.clearAllCookies().

@emilyrohrbough
Copy link
Member

In v12.0.0 (soon-to-be-released), we are introducing the concept of Test Isolation which partially covers the ask in this issue since it will clear all cookies in all domains before each tests.

The remaining work will be handled in #24265 which @chrisbreiding is working.

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Dec 8, 2022

The code for this is done in cypress-io/cypress#25012, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Dec 13, 2022

Released in 12.1.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v12.1.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Dec 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
pkg/driver This is due to an issue in the packages/driver directory topic: cookies 🍪 topic: session Issues when using session command type: enhancement Requested enhancement of existing feature v12.0.0 🐛
Projects
None yet
Development

Successfully merging a pull request may close this issue.