Cookie tests

As tests use redirects which set cookies, they must be followed from the URLs listed here. Accessing the end URLs directly makes the TCs INVALID.

Positive functionality

1. Standard Cookie (sent)
2. Standard Cookie 2 (sent)
3. Expires/Delete (set, then old expiry set)
4. Path (sent to correct path, not to parent folder
5. Secure - unavailable, will be made available with the setup of a secure server
6. Max Size (at least 4096 bytes allowed)
7. Max Number Per Server (at least 20 allowed)
8. Update (set, then change value)
9. Header/Javascript equivalence (set, check header == JS, change through JS, check header == JS again, using cookie 2)
   Needs JavaScript
10. HttpOnly (script cannot access)
    Needs JavaScript
11. Encoding (UTF-8 in cookies)
12. Domain (only sent to proper domain)
13. Persistent (through restarts)
    Needs restart
14. Purge old (set a bunch, reload the first, set a bunch more and verify that the first cookie was not the first to be purged - this is optional for implementors)
15. Overwriting (set the same cookies in a subdirectory and outside)
16. Order (cookies with more specific paths sent first)
17. HttpOnly & XHR (XHR cannot access)
    Needs JavaScript

Cookie preferences

1. Disable cookies
2. Site Specific Preferences

Cookie 2 fields

1. Path
2. Domain
3. Max-Age
4. Discard
   Needs restart
5. Comment and CommentURL
   Needs UI
6. Port

Error handling and extended tests (Cookie 2)

1. Expires
   Needs restart
2. Path
3. Version
4. Domain
5. Max-Age
6. Cookie 2 Attribute Return
7. Port
8. Other
9. Quoting

Backwards bug-compatibility

1. $-Cookies (cookie 2)
   Needs deletion of all cookies first
2. Cookies with spaces

Tests to come

• Secure - with the setup of a secure server
• Third party testsuite - with the setup of a third party server
• Port test - with the setup of additional ports
• Cookie monster bug - with the setup of a public proxy
• IDN - with the setup of a public proxy