Mocking Cookies for Testing
Mocking lets you test with different cookie values without permanently changing them or losing the original. This is essential for testing different user states, feature flags, and error scenarios.
What is Mocking?
Mocking temporarily replaces a cookie's value for testing purposes:
- Original value is preserved in your session.
- Mock value replaces it immediately.
- Resets on reload (unless you re-apply the mock).
- No data loss — original is always available.
This is different from editing, where changes are permanent until you manually revert.
When to Use Mocking
Authentication Testing
- Test as a different user without logging out.
- Simulate expired tokens.
- Test permission levels (admin vs regular user).
- Test multi-factor authentication states.
Feature Flags & Experiments
- Enable or disable features without code changes.
- Test different experiment variants.
- Simulate A/B test states.
- Toggle beta features.
Error Scenarios
- Test with invalid tokens.
- Simulate expired sessions.
- Test malformed data.
- Verify error handling.
Localization & Preferences
- Test different languages.
- Test different themes (light/dark).
- Test regional settings.
- Test accessibility modes.
Payment & Business Logic
- Test different subscription levels.
- Test trial vs paid states.
- Test quota and limit scenarios.
- Test geographic restrictions.
How to Mock a Cookie
Step 1: Find the Cookie
In Cookie Lens, locate the cookie you want to mock:
- Use Search to find by name.
- Use Filter to narrow down by attributes.
Step 2: Open Details
Click on the cookie row to open its details panel.
Step 3: Click "Mock This Cookie"
Look for the Mock button or option in the details panel.
Step 4: Enter Mock Value
- The current value appears as a reference.
- Enter the value you want to test with.
- If the cookie is structured (JSON, JWT, etc.), you can:
- Edit in decoded form.
- Make individual field changes.
- Cookie Lens re-encodes automatically.
Step 5: Apply Mock
Click Apply Mock or Save. The cookie is immediately replaced with your mock value.
Viewing & Managing Mocks
Current Mock Status
The cookie row shows if it's mocked:
- An indicator (icon or label) shows "Mocked" or similar.
- The original value is visible in the details panel.
- You can always see what the original was.
Switch Between Original and Mock
- Click Restore Original to switch back to the original value.
- The mock is remembered during your session.
- Click Re-apply Mock to switch back to the mock.
- Useful for comparing behavior between states.
Multiple Mocks
You can mock multiple cookies at once:
- Each mock is independent.
- The page sees all mocks simultaneously.
- Useful for complex testing scenarios.
View All Mocks
Cookie Lens shows:
- Which cookies are currently mocked.
- What the original value was.
- What the mock value is.
- How long the mock has been active.
Editing Mock Values
After applying a mock, you can modify it:
- Click the mocked cookie.
- The mock value is editable.
- Make changes directly.
- Click Update Mock to apply changes.
- The page updates immediately.
This is useful for iterative testing:
- Change a feature flag from
falsetotrue. - See what breaks.
- Change it back.
- Try a different value.
Practical Examples
Example 1: Test as Different User
Original cookie:
{
"userId": "user-123",
"role": "user"
}
Mock as admin:
{
"userId": "admin-456",
"role": "admin"
}
The site thinks you're logged in as admin. Test admin features without needing admin credentials.
Example 2: Test Expired Token
Original cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Mock as expired:
- Modify the JWT payload to change
expto a past timestamp. - Or simply use an invalid token:
token=invalid.
Test how the app handles expired sessions. Does it redirect to login? Show an error? Refresh the token?
Example 3: Feature Flag Testing
Original cookie: features=search:true,darkMode:false,betaUI:false
Mock to enable beta UI:
features=search:true,darkMode:false,betaUI:true
The beta UI appears. Test its functionality without deploying.
Example 4: A/B Test Variants
Original: variant=control
Test variant A:
variant=test-a
Test variant B:
variant=test-b
Switch between variants instantly to compare UX.
Best Practices
Use Descriptive Values
Instead of random mock values, use clear descriptions:
- Use
token=invalid-tokeninstead oftoken=xxx. - Use
role=admininstead ofrole=a. - Use
theme=darkinstead oftheme=d.
Document Your Mocks
Keep notes on what you're testing:
- Why you applied this mock.
- What behavior you expected.
- What you observed.
- Any bugs found.
Test Edge Cases
- Empty values:
value=. - Very long values (test truncation).
- Special characters (test escaping).
- Null/undefined (test handling).
Restore When Done
- Don't leave mocks applied indefinitely.
- Click Restore Original after testing.
- Clean mocks before committing code changes.
- Prevents accidental behavior changes.
Use with Browser DevTools
Combine mocking with:
- Network tab — see how the app communicates with different cookie values.
- Console — log data based on cookie state.
- Performance — check if features impact performance.
- Lighthouse — audit with different states.
Limitations & Notes
Mocks Reset on Page Reload
- Mocks are stored in-memory for the current session.
- Reloading the page removes all mocks.
- You must re-apply mocks after reload.
- This is intentional to prevent accidental testing artifacts.
Original Values Cleared on Browser Restart
- Mocks and originals are cleared when the browser closes.
- If you need persistent mocks, use Export to save, then Import after restart.
Signed Cookies
- Mocking a signed/hashed cookie breaks the signature.
- The server will reject it.
- This is expected — test that the server rejects invalid signatures properly.
Server-Set Cookies
- If the server immediately overrides your mock, the mock is lost.
- Navigate to a different page first.
- Or mock a different cookie not managed by the server.
API-Based Authentication
- If the app uses API tokens instead of cookies, mock the token value.
- If it uses multiple cookies (
accessToken+refreshToken), mock both. - Test what happens when they're out of sync.
See Also
- Editing Cookies — permanent changes vs mocking.
- Parsing Values — edit structured values like JSON and JWT.
- Inspecting Cookies — understand what you're mocking.