← Back to library
Playwrightauthadvancedv1.20+

Read and assert a cookie

Retrieve cookies from the browser context after login and assert their security flags.

1test('auth cookie is set with correct security flags', async ({ page, context }) => {
2  await page.goto('/login');
3  await page.getByLabel('Email').fill('user@test.com');
4  await page.getByLabel('Password').fill('secret');
5  await page.getByRole('button', { name: 'Sign in' }).click();
6  await page.waitForURL('/dashboard');
7
8  // context.cookies() returns every cookie for the current browser context
9  const cookies = await context.cookies();
10  const auth = cookies.find((c) => c.name === 'auth_token');
11
12  expect(auth).toBeDefined();
13  expect(auth!.httpOnly).toBe(true); // JS must not be able to read it
14  expect(auth!.secure).toBe(true);   // must only transmit over HTTPS
15});
#cookie#cookies#httpOnly#secure#assert