cy.getCookies() is empty but cookies are still sent

[lukemadera]

Current behavior:

Something - cypress? - is appending cookies. Our backend was recently changed to add a cookie for each user which is logged in to remember them. For our automated tests, we log in with tens of users, and this results in getting a "cookie too large" error on the request. The cypress documentation states that cookies are automatically clear with each test though, and when I log the cookies they indeed seem to be empty. Yet the request is sent with cookies, see below:

cy.getCookies().then((cookies) => {
  console.log('cookies', cookies);
});

The above logs: cookies []

But then the error on cy.request happens and logs:

CypressError: cy.request() failed on:

https://login.presencetest.com/login/?noredirect=1

The response we received from your web server was:

  > 400: Bad Request

This was considered a failure because the status code was not '2xx' or '3xx'.

If you do not want status codes to cause failures pass the option: 'failOnStatusCode: false'

-----------------------------------------------------------

The request we sent was:

Method: GET
URL: https://login.presencetest.com/login/?noredirect=1
Headers: {
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/2.1.0 Chrome/59.0.3071.115 Electron/1.8.2 Safari/537.36",
  "accept": "*/*",
  "cookie": "csrftoken=neI9T0MmzkZ0E6Y6yci5j5Jd0gFYCADCsR5BuPvR2lQ6EiSQjD13ix7A8AC8S1sJ; pl_device_kHx3n4PBHYiXAThEu-hDGHmtp0M=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJrSHgzbjRQQkhZaVhBVGhFdS1oREdIbXRwME0iLCJqdGkiOiIyOWRmYWVkMjNkYWM0YmQ1YWUyZDkzOWIyNWJjZDMyNyIsImF1ZCI6ImxvY2tvdXQifQ.M8G7lPIshquNY4jJi8eVG3EePTCrmIRapKlcwCBtloo; pl_device_KMrLGP53JXdzNegVCOYMckNAiNM=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJLTXJMR1A1M0pYZHpOZWdWQ09ZTWNrTkFpTk0iLCJqdGkiOiI1YjY1MzYwNTIyZmE0NmM5ODhjNDNiMGRlY2RjZGJhMyIsImF1ZCI6ImxvY2tvdXQifQ.0qnuhEu2ZCA8tfXDNcOM7FateS-R3KdPrYRmyK00N8U; [...]

Where is this cookie coming from and why is it being set? This cookie was set over a week ago (the backend code has since changed and has shorter cookies) and I can't find how it is still hanging it around. It consequently breaks EVERY test with a cookie too large error.

Desired behavior:

Cookies are actually A) logged with cy.getCookies so I can manually alter them to remove the long cookie parts, B) cleared before each test so these old cookies are not there at all

How to reproduce:

Run some tests that set cookies. Run more tests later and the cookies are still there.

Additional Info (images, stack traces, etc)

See above

May be related to #781

• Operating System:
  Mac OSX
• Cypress Version:
  2.1.0
• Browser Version:
  Chrome

[lukemadera]

@jennifer-shehane Thanks for investigating. In the meantime, how can I manually set cookies? For now I just want to get rid of them all. I've tried cy.clearCookies() as well as:

requestOpts.headers = {
  cookie: '',
};
cy.log('headers', requestOpts.headers);
return cy.request(requestOpts);

But in both cases the same cookies are still there. How do I remove them / set my own custom cookies / headers?

[lukemadera]

@brian-mann @jennifer-shehane Any update here? This has rendered cypress dead in the water for us and we've had to disable it. We've since remove the cookies to try to work around this but the old cookies still are there. Even if you get help me clear out / reset the old ones (from days / weeks ago) that would be a HUGE help as we're blocked at the moment. I don't want ANY cookies sent at all. Thank you.

[jennifer-shehane]

Could you provide the test code you are running?

I was thinking that this issue may be related to this issue, where the cookies are not cleared cross-domain.

[lukemadera]

Thanks @jennifer-shehane and yes it could be related. I tried to give some examples in this ticket already but I can try to put together a test repo for you if that's what you need. For the immediate term, is there a way to tell cypress to NOT send any cookies at all?

[lukemadera]

@jennifer-shehane @brian-mann Any update on this? And how can I just tell Cypress to not send any cookies at all?

[kc-beard]

@lukemadera it might be worth trying the workarounds discussed toward the end of this issue.

[lukemadera]

Yep, thanks @kc-beard - I tried them as soon as they were added to that thread; as already noted here, cy.clearCookies() is not working for me. I run it before each request and it was still sending cookies.

[RandallKent]

@lukemadera - An test repo would definitely be helpful 😄

[kc-beard]

@RandallKent we're having the same problem at our company. the only solution we've found to reach 100% non-flaky session token persistance is this:

 beforeEach(() => {
   cy
     .logout() // custom command that logs user out from previous test
     .clearCookies()
     .reload()
     .visit('/');
}); 

[lukemadera]

@RandallKent Unfortunately this has blocked us for so long now without any reply that we've basically abandoned cypress all together (we are no longer using it) so I don't know if I'll have time to create a test repo. However, what I think a quick fix could be, and what I've asked for more than once on this thread but haven't had any reply on, is how do I just prevent cypress from sending any cookies at all?

[benpolinsky]

@jennifer-shehane does cy.clearCookies() clear them for cy.request() or just cy.visit()? Because I was under the impression it was only on the client and that cy.request() takes place on the node side, albeit emulating the client.

[kriegster108]

I am having the exact same issue here. I call cy.request at the beginning of my test to obtain oAuth information from an authenticated session, the issue is that later in the test I do not want auth anymore, however cy.request persistently stores these cookies from earlier, which no way to remove them. Cy.clearCookies() does not work either, and setting the cookie: '' in the headers does not override the fact cypress wants to dump the cookies from the earlier requests into my test.

[kriegster108]

To me, It looks like cy.request vs cy.visit stores cookies differently. cy.visit allows me to modify and remove cookies from the browser, but request must be stashing them in another data store.

[kriegster108]

@lukemadera @kc-beard Found a workaround for this!

https://www.npmjs.com/package/request

I just wired up this npm module into cypress using cy.task() and it got my request to post without cookies being attached.

[rovshenn]

Which version is it fixed in @flotwig ? Thank you for the PR for this!

[jennifer-shehane]

Closing as resolved.

If you're experiencing a bug similar to this in Cypress, please open a new issue with a fully reproducible example that we can run. There may be a specific edge case with the issue that we need more detail to fix.