Cypress Sessions Experimental Feedback

[jennifer-shehane]

Hey everyone, thanks for testing out the experimental cy.session()!

We appreciate any and all feedback that you have to provide. Please use this thread to provide feedback, request features, or just comment on cy.session() in general.

If you have a larger bug to report, please file a dedicated issue.

Docs: https://docs.cypress.io/api/commands/session

[herecydev]

It's excellent, the api is very intuitive by describing the users actions and not the technical end result. So far the functionality has worked for me flawlessly as well.

However I'm not keen on the presentation. The sessions part describes clearly what session was used and you have the ability to clear sessions 👍. But when a test kicks off, it runs through the session first and it's often at odds with what you're expecting the test to do. I would like to see a clearer visual indication that cypress is building a session first, perhaps by:

• Presenting an overlay on the application
• Not showing the application, and instead a placeholder with a spinner detailing that it's building a session

In addition when the test is finished, the session detail is recorded under the "Test body", whilst that is technically correct I consider sessions to be somewhat of a "setup to the test". I feel like it should be recorded under the "Session tab", it just needlessly clutters the test body to me.

Really, a big thank you for the work on this though. It's greatly simplified some of the boilerplate user actions that couldn't be articulated well.

[rkhomi]

It's not as flexible since it require us to use cy.visit() after
Which means we have to build url with multiple parameters like site.com/questions/58952478/sort=true/contract/123/
but we don't have them at hands

[herecydev]

I don't understand your point, why would you not have them to hand? How would you have visited that page to begin with?

[romankhomitskyi]

Firstly you visit /users route to check smth
Then you want to visit /user/12/contract/12/display=true (or smth similar)

[herecydev]

So what's the issue with that? You have the url to use in the session, and then the user and contract you want to visit after?

[romankhomitskyi]

To visit /user/12/contract/12/display=true
You will have to grab user id and contract id from database and only then build up url

[bahmutov]

All easy-peasy using cypress-data-session

…

Sent from my iPhone

On Sep 30, 2021, at 13:05, Roman Khomitskyi ***@***.***> wrote:  To visit /user/12/contract/12/display=true You will have to grab user id and contract id from database and only then build up url — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[IanVS]

I was very happy to find an use cy.session(), because my user creation and login process involves sending an email with a magic link and creating and using a two-factor authenticator. It's not a simple set of API commands to create a user and login with a password. Unfortunately, I quickly hit #17710, finding out that session data is not cached across specs. Is there a reason for that, or is it a bug? Based on some of the discussion leading up to the creation of cy.session (e.g. #686 and #2951 (comment)) that this new session api would be a way to speed up tests by storing session data across tests.

[emilyrohrbough]

@IanVS When cy.session was releases as experimental, it was intentional to isolate this per-spec. We are working on moving cy.session from experimental to GA and I am currently implementing caching sessions between specs! You should expect to see something in the next few releases.

[andreasnuesslein]

Hi all,

I've been trying to get some kind of cookie storage working for the better part of this evening. I finally stumbled upon all those tickets saying preserveOnce has been broken since 3.4.1 or something so I was thrilled to find this new feature... however I might need a guide for dummies.

This is a very condensed example (I tried it with the official https://docs.cypress.io/api/commands/session#Updating-an-existing-login-helper-function version first). And yes the whole login procedure itself works just fine.

  it("successful login", () => {
   cy.session("login", () => {
     cy.visit("/");
     cy.get("#id_login").type("loginname");
     cy.get("#id_password").type("loginpassword");
     cy.get(`input[type="submit"]`).click();
     cy.url().should("eq", "http://localhost:8000/");
     cy.hash().should("eq", "");
   })
  cy.visit("/")
  });

Am I understanding it correctly and should i expect the final visit() to be logged in now?

And I tried any possible way I could think of but it feels like no matter what I do, cy.visit() starts a completely fresh session. I also tried shennanegans like this: #2952 (comment) .

When I watch the cookies in the browser I see them being consistent until the new visit() hits the page and gives me a fresh sessionid.

Please help ❤️

PS: newest Cypress 8.6.0 and Chrome 94.

[jennifer-shehane]

Yes, this looks correct. If you click on the session in the Command Log with DevTools open, it should log the cookies/localStroage/sessionStorage that Cypress was able to save here. Do you see anything in there?

[andreasnuesslein]

I still don't exactly know what's going on, but it seems like it's the underlying Django with a specific set of odd cookie-settings, that is forcing this problem.

So as far as I can see, it's not a Cypress problem as such. I'll keep you posted

[andreasnuesslein]

Hello @jennifer-shehane , thank you for getting back to me,

this is the result. as you can see, the sessionid is different in the console-output compared to the "current" value (which appears on the last visit() )

thank you

[filiphric]

First of all sessions are awesome, I played with them a little more yesterday and I’m super impressed 👍

I have a question though. Is it possible to load information from cached session and use it elsewhere in test? Let’s say I have a test like this:

cy.session([username, password], () => {
  cy.request({
    method: 'POST',
    url: '/login',
    body: { username, password },
  }).then(({ body }) => {
    window.localStorage.setItem('authToken', body.token)
  })
})

But I want to use that local storage item in another place in test, for example in a request command, like this:

cy.session('mySession')
cy.request({
  method: 'POST'
  url: '/example',
  headers: {
    authorization: // here I’d like to use the cached session dataa
  }
})

[bahmutov]

@filiphric use the cy.dataSession from https://github.com/bahmutov/cypress-data-session since it gives you access to the data under an alias automatically

function login(username, password) {
  cy.dataSession({
    name: username + password,
    setup() {
      cy.request({
        method: 'POST',
        url: '/login',
        body: { username, password },
      }).then(({ body }) => {
         return cy.wrap(body.token)
      })
    },
    validate(token) {
       return Boolean(token)
     },
     recreate(token) {
       window.localStorage.setItem('authToken', token)
     }
  })
}

// now you want to get access to the token for the user
login(username, password)
.then(function () {
   // use the data session name as an alias
   // it will have the token
   cy.request({
      headers {
         authorization: this[username + password]
      }
   })
})

[filiphric]

Wow this plugin took the session API to a whole another level. Is there any reason to keep this plugin separate from codebase? I find this to be a great addition to the overall Session API experience

[bahmutov]

You know I save the best for you

…

Sent from my iPhone

On Oct 15, 2021, at 07:15, Filip Hric ***@***.***> wrote:  Wow this plugin took the session API to a whole another level. Is there any reason to keep this plugin separate from codebase? I find this to be a great addition to the overall Session API experience — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[shutchison-bai]

In the future do know if there is going to more flexibility around cy.visit() must be explicitly called in each test to visit a page in your application? Ideally I would like to store the login session and be able use it in the spec without using cy.visit() within each test.

I currently achieve this by using Cypress.Cookies.preserveOnce in a beforeEach() hook. Ideally would like to use cy.session() in my beforeEach() hook and not have to use cy.visit() in each of my tests.

[romankhomitskyi]

Exactly, there is no flexibility in using cy.visit in each test, it makes tests really slow

[shutchison-bai]

I agree, it make the test really slow and inefficient. You basically can only test pages and not actual user flow.
If Cypress.Cookies.preserveOnce() is actually going to deprecation in the near future per 9.7.0 change log this should be addressed.

[emilyrohrbough]

@shutchison-bai #23503 is currently in review to remove the page clearing after validate runs in cy.session() which removes the need to use cy.visit() when validation is used.

[emilyrohrbough]

Please see response above: #17887 (reply in thread)

[dvsoukup]

Posted from a ticket I had added to the issues board.

What would you like?

With Cypress 9.7, the new session mechanism has been introduced. I've started using it and it's nice in dealing with all the local/session storage and cookies between tests. Here is my big gripe though: the page clearing.

The mandatory page clearing, in my humble opinion, is a straight up no-go. This should be toggleable (default to true/false... whatever). Similar to how a validate option is passed... so like cy.session(myId, setupFn, { forcedPageReload: false});

Why is this needed?

Mandatory page clearing everytime you move to a new it lives under the assumption that everyones site is just super snappy to "load" their home page for example. And in many cases with huge, intense, enterprise size systems, sometimes there's just a plethora of stuff to load during page visit. By requiring a cy.visit inside each it, it's essentially forcing one to have less granular tests, and make one gigantic it declaration. For example, we had some tests which worked very nicely and had a great UI interface with the following:

describe('The page we're testing', () => {
    before(() => {
        cy.fixture('test').then((user) => {
            cy.login(user);
            cy.visit("/");
        });
    });

        it(`${title} Should render some modal`, () => {
            cy.get('#someid').click();
            cy.get(`#anotherId`).should('exist');
        });

        it(`${title} Should close`, () => {
            cy.get(`#closebutton`).click({force: true}).should('not.exist');
        });
    });
});

but now we basically are forced to, because of the new session mechanic, switch everything up like so:

describe('The page we're testing', () => {
    beforeEach(() => {
        cy.fixture('test').then((user) => {
            cy.login(user); // this calls through cy.session(), and inside that does a cy.visit("/");
        });
    });

        it(`${title} Should render some modal`, () => {
            cy.visit("/");
            cy.get('#someid').click();
            cy.get(`#anotherId`).should('exist');
            cy.get(`#closebutton`).click({force: true}).should('not.exist');
        });
    });
});

This is a very contrived example, and if I were to copy/paste the actual code, the resulting it block would be horrifically extreme, spanning many hundreds of lines. Further we lose the granularity of the left-pane on the various describe/it block declarations when running your suite in open mode. We simply cannot do a cy.visit("/") inside each it block on the new version. If we're forced to we'll probably just go back to selenium, or just never upgrade to 9.7 and be forever stuck behind versions. I'm open to discussion here for sure but I'm either just flat out using session wrong, or maybe perceiving the docs wrong... but so far I've basically been stuck doing cy.visit() inside each it and it works FAR worse than what we originally had in place, with preserving our own cookies/storage.

For what it's worth, I too agree that cypress tests should NOT be written akin to some integration/unit test (with the whole assemble, act, assert paradigm). But, also I don't think one should jam 1000 lines of code inside a single it declaration either. It's a line to balance on, and it should be up to the engineers and not forced upon by a tool.

EDIT: Also forgot to mention that potential metric ton of refactoring one might need to do when suddenly switching to session from using the preserveOnce/defaults strategy in various hook blocks. It's going to require people to consolidate it blocks down (cuz now you have to cy.visit each time...) and we have hundreds of tests and it would be a hard "no way". Being able to prevent the page clear from ever happening would get around all of this.

[emilyrohrbough]

Sure thing. So the reason is when the session is restored, and the setup is not run, your test runs it won't be at /home because the login flow didn't run. That would required you to do a cy.visit() after cy.session() to continue running your tests.

[romankhomitskyi]

Sure thing. So the reason is when the session is restored, and the setup is not run, your test runs it won't be at /home because the login flow didn't run. That would required you to do a cy.visit() after cy.session() to continue running your tests.

Thank you

[dvsoukup]

@emilyrohrbough Thanks tons for the response!

The primary reason is to ensure your tests can run reliability and independently from one-another.

I get what you're saying. To be fair though, I really don't think this is something that the cypress team ought to take on... Not their responsibility. But that's just my 2 cents from a random internet stranger of many millions of engineers out there :D Just like we can all write integration tests which talk with a database, there's nearly no suite out there in any language/framework which prevents one from having isolated tests. Same with unit tests... one could still glom together their tests and rely on previous tests. Not saying one should do this, just saying that ultimately the power is up to the developer. Something like this needs to be up to the engineer(s) whom implement their suite of tests, and not mandated by the tool itself.

I get the essence of what's trying to be achieved w/ cy.session and reloading the page... but ultimately this just causes some serious problems with apps which load lots of resources. Simple, small apps with magnificent page load speeds it's likely less of an issue. I feel like cy.session should be concerned with one thing, and one thing only... dealing with the cookies/session state and restoring them when the developer calls for it. Leave the page clearing/loading up to them.

[emilyrohrbough]

Based on multiple users feedback around this undesired behavior, I am in the process of syncing with our Product Team to determine what we might be able to offer users to give them the safest command behavior and/or an option remove this command-level isolation. At this time I can't say for sure if this is work will be willing to support, but it is a conversation that is happening.

[emilyrohrbough]

@rkhomi / @romankhomitskyi / @shutchison-bai / @stokrattt / @dakur / @dvsoukup

We have taken this feedback and as at team we evaluated the test isolation behavior and found it wasn't behaving how users expected and have made adjustments.

In Cypress 10.11.0, the way that Cypress handles test isolation changed. The previous modes of legacy and strict have been replaced with on and off. Now,

• The default mode is on when experimentalSessionAndOrigin is enabled.
• The cy.session() command now inherits the test isolation behavior for the suite it runs in.

To accomplished the example provided above, you will need to set testIsolation="off" in the suite or in the root-level configuration. Be understand there are risks with turning testIsolation="off" and it will be on you to ensure your browser context maintain a clean slate for independent tests.

[romankhomitskyi]

Cypress.Cookies.defaults
And
Cypress.LocalStorage.clear = keys => {
return;
};

Work much better and faster than cy.session()
I am testing an complex app and I can't just use cy.visit in each test because it will make my tests slow

Even without cy.session my tests are independent and reliable

[jablonskey]

Totally agree as well. Not only it will make tests slower, but it's kind of anti-pattern as tests won't be behaving like carbon based user anymore :(

[jitenev]

cy.session -> really breaks custom logic
Cypress.Cookies.defaults -> solved problems very well.

[emilyrohrbough]

@jitenev > cy.session -> really breaks custom logic

Can you share what type of custom logic breaks with cy.session()?

[artalar]

Hi! The session API is just what I need for my tests, local runs in opened console executes two time faster, because of slow login flow. Also, as I understand session API allow to reuse browser caches between tests which improves performance a lot for huge app.

But I have one problem with it - it doesn't work for headless mode, which is more important for me! Here is the reproduce (open with gitpod). You can see that every test took 3sec, but this delay should not be executed for each test except first, because it in the session, is it correct? What I was missing in my code?

[emilyrohrbough]

@artalar Two things here:

1. The fact its fast in open mode was a bug we recently fixed...it was caching between specs when it should have been isolated to your spec.
2. When cy.session() was releases as experimental, it was intentional to isolate this per-spec. We are working on moving cy.session() from experimental to GA and I am currently implementing caching sessions between specs! You should expect to see something in the next few releases.

[dakur]

@jennifer-shehane We have Cypress 10.4 available and call for feedback here, but no one from the team has replied to the raised problems for many months. Can something be done please?

Personally, I'm stuck on v9 as I have no clue how to go with the new session API without squashing all my tests into in big it, as expressed in #17887 (comment) or #21645

[emilyrohrbough]

@dakur Please see the reply above.

[rkhomi]

@emilyrohrbough

Consider this example, we have simple crawler test suite, I just wanna go over sidebar and navigate to a bunch of pages and just check page title

To have this more readable I split it into several it's() to have nice report and know exactly where the page title was changed

Cypress.addCommand('login', () => {
  cy.session('authenticatedUser', () => {
     cy.visit('/login')
     cy.get('username').type('user', { log: false })
     cy.get('password').type('password', { log: false })
     cy.get('submit').click()
}, {
  validate: () => {
      cy.visit('/home')
      cy.contains('Welcome User')
      cy.window().then((win) => {
        expect(win.localStorage.length).to.eq(2)
     })
  }),
})


before(() => {
 cy.login()
})

it('test page 1', () => {
  sidebar.goToPage(1)
  cy.contains(Page 1)
})

it('test page 2', () => {
  sidebar.goToPage(2)
  cy.contains(Page 2)
})

but this won't work since each sidebar click changes the url
However this test suite is independent as possible,
So cy.session makes me change spec file like this

before(() => {
 cy.login()
})

it('Check pages', () => {
  sidebar.goToPage(1)
 cy.contains(Page 1)

  sidebar.goToPage(2)
 cy.contains(Page 2)
})

which is less readable

How about to add an option to not clear localStorage and cookies at all? That is default behaviour in all others frameworks

[emilyrohrbough]

@rkhomi Is there a reason you cannot' use your login command in a beforeEach() instead of condensing all of your tests into a single it block?

[romankhomitskyi]

The reason is that login in beforeEach will make it this test suite slower))
It makes no sense to use loging in beforeEach in this case

Same goes if I were to check that Upgrade plan Stub is shown on specific pages for user with Free subscription plan

I would just put Stub assertion for specific page in saparate it() and it would be much faster just to navigate across the webstie using only one session

It's just SPA

[romankhomitskyi]

I mean, why do I have to use login request and cy.visit(/) when it takes let's say 5 seconds every time, if I could end entire test suite in 5 seconds?

[shutchison-bai]

I am running into the same issue and not upgrading because of it.

[emilyrohrbough]

Please see response above: #17887 (reply in thread)

[vbukin]

I ran into a problem, POST request changes the session.
after execute reCreateUser i have new user cookies.
How can I make POST requests without changing the current session?

Cypress.addCommand('login', (email: string) => {
  cy.session(email, () => {
     cy.visit('/login')
     cy.get('username').type(email)
     cy.get('password').type('password')
     cy.get('submit').click()
}


Cypress.Commands.add('deleteUser', (email: string) => {
	cy.login(ADMIN_USER.email)
	cy.visit('/admin/users')
        cy.get('username').type(email)
        cy.get('button[type="submit"]').click()
})

Cypress.Commands.add('createUser', (user: SignUpFormUser) => {
	const data = {
		email: user.email,	
		password: user.password
	}

	cy.request({
		method: 'POST',
		url: '/api/reg/',
		body: data,
	})
})

Cypress.Commands.add('reCreateUser', (user: SignUpFormUser) => {
	cy.deleteUser(user.email)
	cy.createUser(user)
})

[emilyrohrbough]

@vbukin This question / example doesn't seem specific to the cy.session() command or Test Isolation. If you want to validate a POST request without it impacting cookies on our page, I recommend giving cy.intercept() a try -- this command allows spying and stubbing responses and requests.

[maapteh]

I think this feature makes it worse with regards to cookie state management. First it was very clear what cookies we allowed to keep during a suite. But now for some clients this will become a nightmare (many added visits and more complexity in code) when we want to keep CY latest. For example one client is using keycloak, where the whole util is in cypress-keycloak-commands and from a consumer perspective i want to be able to login and keep state or not depending on my test.

I can only hope you will think about integrations as well. And not the simple ones where login is part of the application.

[maapteh]

Hi @emilyrohrbough i can understand you will not reply on all topics raised. But in my case i can not set one generic toggle on or off. I had the option to put it on/off per testing suite. So before i had in one suite:

  beforeEach(() => {
    Cypress.Cookies.preserveOnce('X-AUTH-TOKEN', 'XSRF-TOKEN')
  })

while other suites where done in total isolation. How can i proceed now for the future of using Cypress? cy.session is not working for the keycloak example for example (user not really logging in but doing some http calls in the keycloak commands) and i have other big users as well who never have an actual login form as part of their own suite but using helpers ...

[emilyrohrbough]

@maapteh You can configure this at the suite level -- which is actually recommended to only turn off where needed:

describe('suite', { testIsolation: 'off' }, () => {
  ...
}

[romankhomitskyi]

It would be really really great if we got an option to not clear local storage and cookies at all

Or at least, clear local storage only once before spec starts executing

[emilyrohrbough]

Please see response above: #17887 (reply in thread)

[maapteh]

But thats not per testing suite right, its for all the tests, or is my lack of english not helping by reading the documentation.

[emilyrohrbough]

@maapteh It can be for all tests or it an be per-suite like:

describe('suite', { testIsolation: 'off' }, () => {
  ...
}

[dakur]

From 10.11, there is testIsolation: 'off' option which prevents clearing page, cookies and stuff. See docs: https://docs.cypress.io/guides/core-concepts/writing-and-organizing-tests#Test-Isolation

[kathryn-p]

I've used cy.origin and cy.session and the majority of scenarios behave as expected. For this application users authenticate on one domain and then are redirected to the main site. There're two particular scenarios I haven't managed to solve; signing out of the application or updating a user display name. When a user clicks the relevant buttons for these scenarios nothing happens. (These scenarios work fine if origin is not used).

I believe the reason it could be causing an issue is that the requests are doing a call-back to the first domain to fetch/update the user token, but without navigating outside the second domain. Is there something I've missed on how to handle this?

[nagash77]

@kathryn-p I'm sorry to hear you are having issues. Would you mind opening an issue around this use case with instructions on how to replicate?

[liquid1982]

Any plans on including IndexedDB in the mix?

Using the session API in combination with Firebase Auth presents some challenges, since Firebase saves data in IndexedDB and the session API does not handle that.

Would love to help! Is there anything I can do?

Also, can anyone recommend a workaround?