Cookie Jar Management

Overview

The Cookie Jar feature provides comprehensive cookie management for your API testing needs. View, edit, organize, and control cookies just like a web browser, perfect for testing APIs that require session management, authentication cookies, or other cookie-based functionality.

Automatic Integration: Cookies from the Cookie Jar are automatically included in requests when domain and path match!

Key Features

View All Cookies

See all stored cookies in one centralized location with detailed properties.

Organize by Domain

Group cookies by domain for easy navigation and management.

Add Cookies Manually

Create cookies with full control over all properties.

Edit & Update

Modify existing cookies on the fly.

Export/Import

Save cookies to JSON and import them later or share with team.

Search & Filter

Quickly find cookies by name, value, or domain.

Accessing the Cookie Jar

Click Cookies Button

Find the 🍪 Cookies button in the top header bar.

Cookie Jar Opens

A modal window appears showing your cookie management interface.

Viewing Cookies

Cookie Display

Each cookie shows:

Name - Cookie identifier
Value - Cookie data (truncated if long)
Domain - Where the cookie applies
Path - URL path restriction
Expires - Expiration date/time
Flags - Secure, HttpOnly, SameSite badges

Organization Options

Choose how to view your cookies:

📄 List All

Flat list showing all cookies in one view

📁 Group by Domain

Organize cookies under their respective domains

Statistics Dashboard

Top of the Cookie Jar shows real-time statistics:

Total Cookies - Number of all stored cookies
Domains - Number of unique domains
Secure - Number of HTTPS-only cookies
HttpOnly - Number of JavaScript-protected cookies

Adding Cookies

Click "Add Cookie" Button

Click the ➕ Add Cookie button at the top of the Cookie Jar.

Fill Cookie Form

Enter cookie details in the form:

Required Fields

Field	Description	Example
Name*	Cookie identifier	`session_token`
Domain*	Domain where cookie applies	`api.example.com`

Optional Fields

Field	Description	Example
Value	Cookie data/content	`abc123xyz`
Path	URL path (default: /)	`/api`
Expires	Expiration date/time	`2025-12-31T23:59:59`
Secure	HTTPS-only flag	✅ Checked
HttpOnly	Prevent JavaScript access	✅ Checked
SameSite	Cross-site behavior	Lax, Strict, None

Click "Add Cookie"

Save the cookie to your Cookie Jar.

Editing Cookies

Find the Cookie

Locate the cookie you want to edit in the list.

Click Edit Button (✏️)

Click the pencil icon next to the cookie.

Modify Fields

Change any cookie properties in the edit form.

Save Changes

Click "💾 Save Changes" to update the cookie.

Deleting Cookies

Delete Single Cookie

Click the 🗑️ button next to any cookie to delete it individually.

Delete All Cookies for Domain

When viewing grouped by domain, click 🗑️ in the domain header to delete all cookies for that domain.

Clear All Cookies

Click the "🗑️ Clear All" button in the toolbar to remove all cookies (with confirmation).

Warning: Deleting cookies is permanent. Make sure to export them first if you might need them later!

Export & Import

Exporting Cookies

Click Export Button

Click the "📤 Export" button in the Cookie Jar toolbar.

Choose Save Location

Browser will prompt you to save the JSON file.

File Downloaded

File saved as cookies_YYYY-MM-DD.json

Export File Format

[
  {
    "id": "cookie_12345",
    "name": "session_token",
    "value": "abc123xyz",
    "domain": "api.example.com",
    "path": "/",
    "expires": "2025-12-31T23:59:59.000Z",
    "secure": true,
    "httpOnly": true,
    "sameSite": "Lax"
  },
  ...
]

Importing Cookies

Click Import Button

Click the "📥 Import" button in the Cookie Jar toolbar.

Select JSON File

Choose a previously exported cookies JSON file.

Cookies Imported

Cookies are merged with existing ones. Duplicates (by ID) are skipped.

Use Cases: Export/Import is perfect for backup, sharing cookie configurations with teammates, or migrating between environments!

Searching Cookies

Use the search bar at the top of the Cookie Jar to filter cookies:

Search By

Cookie Name - e.g., "session"
Cookie Value - e.g., "abc123"
Domain - e.g., "example.com"

Real-time Filtering

Results update as you type, showing only matching cookies.

Cookie Properties Explained

Name

The unique identifier for the cookie. Used by the server to recognize the cookie.

session_token, user_id, auth_token, csrf_token

Value

The actual data stored in the cookie. Can be any string.

abc123xyz, eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Domain

Specifies which domain(s) can receive the cookie. Can include subdomains.

example.com          # Only example.com
.example.com         # example.com and all subdomains
api.example.com      # Only api.example.com

Path

Restricts cookie to specific URL paths on the domain.

/                    # All paths (default)
/api                 # Only /api and its subdirectories
/admin/users         # Only /admin/users paths

Expires

When the cookie should be deleted. Empty means session cookie (deleted when browser closes).

2025-12-31T23:59:59Z     # Specific date
                               # Empty = Session cookie

Secure Flag

When enabled, cookie is only sent over HTTPS connections.

✅ Checked: HTTPS only (more secure)
❌ Unchecked: HTTP and HTTPS

Security: Always enable Secure flag for cookies containing sensitive data like auth tokens!

HttpOnly Flag

Prevents JavaScript from accessing the cookie (protection against XSS attacks).

✅ Checked: Cannot be accessed via JavaScript
❌ Unchecked: JavaScript can read/write

SameSite Attribute

Controls whether cookies are sent with cross-site requests.

Value	Behavior	Use Case
None	Cookie sent with all requests	Third-party integrations
Lax	Cookie sent with top-level navigations	Most websites (default)
Strict	Cookie only sent to same site	Banking, high security

Common Use Cases

1. Session Management

Store session tokens from login responses:

Name: session_id
Value: abc123xyz
Domain: api.example.com
Secure: ✅
HttpOnly: ✅

2. Authentication Testing

Test authenticated endpoints without re-logging:

Name: auth_token
Value: Bearer xyz...
Domain: api.example.com

3. Multi-User Testing

Switch between different user sessions:

User 1: session_id=user1_abc
User 2: session_id=user2_xyz
User 3: session_id=user3_def

4. CSRF Token Testing

Store CSRF tokens for protected requests:

Name: csrf_token
Value: random_token_here
SameSite: Strict

5. Development Cookies

Save production cookies for local testing:

Export from prod
Import to local
Test with real data

6. Team Collaboration

Share cookie configurations:

Export cookies.json
Share with team
Everyone imports
Same test environment

Automatic Cookie Inclusion

Request Man automatically includes cookies from the Cookie Jar when sending requests!

Matching Rules

A cookie is included if:

Cookie's domain matches the request URL domain
Cookie's path includes the request URL path
Cookie hasn't expired
(If Secure) Request uses HTTPS

Example

// Cookie in Jar:
Name: session_id
Value: abc123
Domain: api.example.com
Path: /
Secure: Yes

// Request:
GET https://api.example.com/users

// Result:
Cookie: session_id=abc123     ✅ Automatically included!

Tips & Best Practices

1. Use Descriptive Names

Name cookies clearly: auth_token, user_session, csrf_token

2. Set Expiration Dates

Add expiration to avoid clutter from old cookies.

3. Enable Security Flags

Use Secure and HttpOnly flags for sensitive cookies.

4. Group by Domain

Organize cookies by domain for better management.

5. Regular Cleanup

Delete unused cookies periodically to keep things tidy.

6. Export for Backup

Regularly export cookies as a backup.

7. Use Search Efficiently

Use search bar to quickly find specific cookies.

8. Test Cookie Matching

Check request headers to verify cookies are included correctly.

Troubleshooting

Cookie Not Included in Request

Problem: Cookie doesn't appear in request headers

Solutions:

Verify domain matches request URL
Check if cookie has expired
Ensure path includes request path
For Secure cookies, use HTTPS

Can't Import Cookies

Problem: Import fails or shows error

Solutions:

Verify file is valid JSON
Check file format matches export format
Look for console errors

Cookies Disappeared

Problem: Cookies missing after restart

Solutions:

Check if browser localStorage was cleared
Verify you're in correct workspace
Look for browser privacy settings blocking storage