← Back to library
Cypressauthadvancedv10+

Read and assert a cookie

Use cy.getCookie() to retrieve a named cookie and assert its value and security flags.

1it('auth cookie is set with correct security flags', () => {
2  cy.request('POST', '/api/login', {
3    email: 'user@test.com',
4    password: 'secret',
5  });
6
7  // getCookie() returns the cookie object — chain assertions on properties
8  cy.getCookie('auth_token').should('exist').then((cookie) => {
9    expect(cookie.httpOnly).to.be.true; // JS must not be able to read it
10    expect(cookie.secure).to.be.true;   // must only transmit over HTTPS
11  });
12});
#cookie#getCookie#httpOnly#secure#assert