28

All the postman cookie-management answers I've seen refer to either the browser extension (open chrome, delete cookies viz interceptor etc) or with the app, using the UI to manually manage cookies.

I would like to delete certain cookies in my pre-request code as part of scripting my API tests. (delete them programmatically)

The Sandobx API docs mention pm.cookies so I tried

if (pm.cookies !== null) {
   console.log("cookies!");
   console.log(pm.cookies);
}

But the pm.cookies array is empty. Yet in the console, the GET call then passes a cookie.

There's also postman.getResponseCookies, which is null (I assume because we're in the pre-request section, not in the test section)

One answer suggested calling the postman-echo service to delete the cookie. I haven't investigated this yet, but it doesn't feel right.

K5 User
  • 606
  • 1
  • 6
  • 10
  • 2
    (This is specific to the postman app, not the extension, sorry if I wasn't clear) – K5 User Jun 20 '17 at 17:55
  • If your API has a delete function that you can use for cookies (like postman-echo has), you may build one request to delete them and chain the request you want to execute (via setNextRequest()). – A.Joly Jul 25 '17 at 07:45
  • The answer concerning postman echo is a dead end, cookies are linked to a domain, so your cookie will be linked to yours, not postman-echo, and then won't be deleted. Too bad, it actully deleted the cookie from the cookie manager. – A.Joly Sep 14 '17 at 09:52
  • You may have a look here https://stackoverflow.com/questions/1085756/how-to-delete-session-cookie, but if your cookie is set with http_only, you won't be able to access (and remove) it. In my case, it is http_only (sob). Else you can change its date (accessing it in javascript) and set it to yesterday or even -1 could work I think ... – A.Joly Sep 14 '17 at 12:17
  • There is a feature request for this: https://github.com/postmanlabs/postman-app-support/issues/3312 – Suzana Sep 20 '17 at 10:56

3 Answers3

8

new version now supports that since 2019/08, see more examples here: Delete cookies programmatically · Issue #3312 · postmanlabs/postman-app-support

Prerequisite

Cookie domains to be given programatic access must be whitelisted.

clear all cookies

const jar = pm.cookies.jar();

jar.clear(pm.request.url, function (error) {
  // error - <Error>
});

get all cookies

const jar = pm.cookies.jar();

jar.getAll('http://example.com', function (error, cookies) {
  // error - <Error>
  // cookies - <PostmanCookieList>
  // PostmanCookieList: https://www.postmanlabs.com/postman-collection/CookieList.html
});

get specific cookie

const jar = pm.cookies.jar();

jar.get('http://example.com', 'token', function (error, value) {
  // error - <Error>
  // value - <String>
});
Pool
  • 11,999
  • 14
  • 68
  • 78
aaron
  • 1,951
  • 3
  • 27
  • 41
  • 2
    Thanks! I noticed that it's necessary to whitelist domain to access cookies: https://learning.postman.com/docs/postman/sending-api-requests/cookies/#whitelisting-domains-for-programmatic-access-of-cookies – Ferran Maylinch Feb 19 '20 at 09:32
  • It is worth noting that the `url` that is passed to `jar.get` in this example must include the request path if there is one. It does not need to include any query string, though. E.g. "https://example.com/subexample" NOTE that the URL shown here includes "https://", but it's not being displayed. You will need to include the protocol when getting the cookies. – Toby Artisan Apr 14 '20 at 17:19
  • `jar.clear(pm.request.url...` doesn't work for me. 1) Notice it's an object. I'm not sure `jar.clear()` supports that. 2) I've got environment variables set that build my my request URL. They aren't resolved at the time I access them (before my script) as you can see: `{"path":["{{endpoint.token}}"],"host":["{{base-path}}"],"query":[],"variable":[]}` - note the variable names in the object's properties, eg. `"{{base-path"}}`. I ended up getting my root domain var's value via `pm.environment.get('host')` which works great to clear all cookies for `{{host}}`. – Joel Mellon Sep 03 '21 at 02:05
  • also to make the scripts work especially for delete include the domains in "Domains Allowlist" so that script can modify it. – Shiljo Paulson Jul 03 '23 at 06:27
6

According to the documentation pm API reference the pm.cookie API is only for the Tests tab, not for the Pre-request Script.

The following items are available in TEST SCRIPTS only.

pm.cookies

...

It seems that you will have to stick with this method : Interceptor Blog post

Community
  • 1
  • 1
Sergej Lopatkin
  • 1,071
  • 9
  • 11
  • But the Interceptor is restricted to the Chrome plug-in, which will soon be retired, isn't it? – jackr Mar 03 '18 at 01:59
  • 1
    https://www.getpostman.com/docs/v6/postman/scripts/postman_sandbox_api_reference indicates pm.cookies is available for native apps now but i also see the same behaviour as the op with the cookie object being empty – PatrickWalker May 02 '18 at 10:27
  • 2
    As of this date in 2020, Postman does allow the usage of pm.cookies.jar() in the pre-request scripts, so @aaron's answer seems more appropriate now. – Toby Artisan Apr 14 '20 at 17:11
-1

I know this is a very late answer, but for my case where I didn't want to use the cookies to start the execution of the collection, I just needed to uncheck the option "Save cookies after the collection run" and check the option "Run collection without using stored cookies" on the Runner panel.

enter image description here

And then if I want to manage the cookies on my own, I created a first request on the collection and used the Tests tab just to collect the cookies that I wanted and saved them on a variable.

pm.environment.set('cookie', pm.cookies.get('csrftoken'))
pm.environment.set('sessionid', pm.cookies.get('sessionid'))
Dharman
  • 30,962
  • 25
  • 85
  • 135
herickmota
  • 457
  • 6
  • 13