How to Edit Cookies

Opening the Edit Dialog

1. In Cookie Lens, find the cookie you want to edit.
2. Click on the cookie row to open its details.
3. Click the Edit button.
4. The edit dialog opens with all fields editable.

Editing Cookie Value

Quick Edit

1. Click the cookie row.
2. The Value field shows the current value.
3. Modify the value directly.
4. Click Save to apply immediately.
5. The page may need to reload to see effects.

Important Notes

• If the cookie value is structured (JSON, JWT, Base64, etc.), you can edit it in decoded form — Cookie Lens automatically re-encodes when saving.
• See Parsing Values for more details.
• The original value is saved for your session (you can revert if needed).

Editing Cookie Attributes

Domain

Change which domain(s) can access the cookie:

• .example.com — accessible from example.com and all subdomains (www, api, etc.).
• example.com — accessible only from the exact domain.
• Keep the leading dot (.) for cross-subdomain cookies.

Chrome may reject the change if the new domain doesn't match the current site.

Path

Restrict the cookie to a specific URL path:

• / — entire site (most common).
• /admin — only /admin/* URLs.
• /api/v2 — only /api/v2/* URLs.

Expiration

Set when the cookie expires:

• Session — expires when the browser window closes.
• Date/time — pick a specific expiry time.
• Custom seconds — set as Unix timestamp or days from now.
• Never expires — very far in the future (not recommended for auth cookies).

Secure Flag

Requires HTTPS:

• Enabled — only sent over HTTPS (recommended).
• Disabled — sent over both HTTP and HTTPS (avoid for sensitive data).

Chrome's webRequest API may enforce Secure cookies on modern sites.

HttpOnly Flag

Prevents JavaScript access:

• Enabled — JavaScript cannot read (best for security).
• Disabled — JavaScript can read and modify (use only if needed).

For auth tokens, always enable HttpOnly to prevent XSS attacks.

SameSite Policy

Control cross-site request behavior:

• Strict — only sent in same-site requests (most secure).
• Lax — sent on top-level navigation, not cross-site (default).
• None — sent in all requests (requires Secure flag, for CDNs).
• Unspecified — browser default (usually Lax).

Confirming Changes

Production Site Warning

If you're editing on a production domain (not localhost, staging, etc.):

• A warning appears before save.
• Review your changes carefully.
• Confirm that you want to modify production cookies.

Save vs. Discard

• Save — apply changes to the actual cookie.
• Discard — close without saving (cookie unchanged).

The page may reload after save to reflect changes.

Mocking Cookies (Test Without Saving)

Want to test with different values without permanently changing the cookie?

1. Click the cookie row.
2. Click Mock This Cookie.
3. Enter the mock value you want to test.
4. The cookie is immediately replaced with the mock value.
5. The original value is saved for the session.
6. Click Restore Original to switch back.
7. Mocks reset when the page reloads (unless you re-apply).

This is great for:

• Testing different authentication states without logging in/out.
• Simulating feature flags (A/B tests, feature gates).
• Testing error scenarios (expired tokens, invalid values).
• Validating parsing logic with different data formats.

Bulk Editing

Delete Multiple Cookies

1. Select cookies by checking their checkboxes.
2. Click Delete Selected.
3. Confirm the deletion.
4. On production domains, provide additional confirmation.

Copy & Paste Values

1. Copy the full value from one cookie.
2. Paste into another cookie's value field.
3. Edit attributes as needed.
4. Save.

Safety Features

Protected Cookies

Some cookies are marked as Protected:

• Deleting requires confirmation.
• Useful for important auth tokens.
• Click the lock icon to toggle protection.

Confirmation Dialogs

Critical operations ask for confirmation:

• Deleting any cookie.
• Deleting multiple cookies.
• Editing on production domains.
• Removing protection.

Undo / Revert

If you make a mistake:

1. Before reload: click Restore Original in the cookie details.
2. After reload: use the Events tab to see change history and repeat the edit.
3. Full recovery: re-import the cookie from a saved JSON export.

Common Use Cases

Test Authentication

1. Find your sessionId or accessToken cookie.
2. Mock it with an invalid or expired value.
3. Observe application behavior.
4. Click Restore Original to get back to normal.

Simulate Localization

1. Find the language preference cookie (e.g. lang=en).
2. Edit to lang=es or another language.
3. Reload the page to see localization.
4. Restore when done.

Experiment with Consent

1. Find cookie consent flags (e.g. cookieConsent=all).
2. Change to cookieConsent=none.
3. Test analytics and tracking disable.
4. Restore to verify re-enable.

Debug Expiry Issues

1. Find the problematic cookie.
2. Change expiration to "expires in 10 seconds".
3. Watch the cookie disappear.
4. Edit again to extend the expiration.

Tips & Tricks

• Preview mode — edit in the dialog before saving to catch mistakes.
• Copy from DevTools — right-click → Copy full cookie details from the Application tab.
• Batch operations — select multiple cookies to delete them all at once.
• Date picker — click the expiration field to get a calendar picker.
• Keyboard shortcuts — Ctrl/Cmd+S to save, Esc to cancel.

See Also

• Parsing Values — decode and edit structured values.
• Mocking Cookies — in-depth guide to testing with mocks.
• Inspecting Cookies — understanding cookie attributes.