Skip to main content
Version: 0.1.0

Parsing & Decoding Cookie Values

Cookie Lens automatically detects and decodes structured cookie values, making it easy to inspect and edit complex data without manually decoding.

Supported Formats

JSON

Cookies containing JSON objects or arrays.

Example:

{"userId": "12345", "email": "[email protected]", "role": "admin"}

What Cookie Lens does:

  • Detects JSON automatically.
  • Pretty-prints for readability.
  • Lets you edit individual fields.
  • Re-encodes when saving.

Use cases:

  • User preference objects.
  • Session data.
  • Feature flag configurations.
  • Custom application data.

Base64

Base64-encoded values.

Example:

eyJ1c2VySWQiOiAiMTIzNDUifQ==

Decodes to:

{"userId": "12345"}

What Cookie Lens does:

  • Detects Base64 encoding.
  • Automatically decodes.
  • Shows the decoded value.
  • Re-encodes after editing.

Use cases:

  • Compressed cookies.
  • Binary data encoding.
  • Legacy session formats.

JWT (JSON Web Tokens)

JWT tokens with header, payload, and signature.

Example:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

What Cookie Lens does:

  • Separates header, payload, and signature.
  • Decodes the payload (the actual data).
  • Shows readable claims (sub, name, iat, exp, etc.).
  • Displays expiration time.
  • Lets you inspect but not edit (signature becomes invalid if modified).

Common JWT claims:

  • sub — subject (user ID).
  • name — user name.
  • iat — issued at (timestamp).
  • exp — expiration (timestamp).
  • aud — audience.
  • iss — issuer.
  • Custom claims (your application-specific data).

Use cases:

  • Authentication tokens.
  • OAuth/OpenID Connect flows.
  • API authorization.
  • Secure session management.

URL-Encoded Data

Data in URL parameter format.

Example:

param1=value1&param2=value2&nested=%7B%22key%22%3A%22value%22%7D

What Cookie Lens does:

  • Decodes URL encoding (%20, %7B, etc.).
  • Shows readable parameter names and values.
  • Lets you edit parameters.
  • Re-encodes with proper URL encoding.

Use cases:

  • Multi-parameter configuration.
  • Google Analytics cookies (__ga, __utm_*).
  • Tracking pixel parameters.
  • Legacy cookie formats.

URL-Encoded JSON

JSON wrapped in URL encoding.

Example:

%7B%22userId%22%3A%2212345%22%2C%22role%22%3A%22admin%22%7D

Decodes to:

{"userId": "12345", "role": "admin"}

What Cookie Lens does:

  • Detects both layers (JSON + URL encoding).
  • Decodes both automatically.
  • Shows the JSON in readable format.
  • Edits the JSON normally.
  • Re-encodes both layers.

Use cases:

  • Encrypted or obfuscated data.
  • Legacy systems.
  • Cross-origin data passing.

Query Strings

Semicolon or comma-separated key-value pairs.

Example:

sessionId=abc123; userId=456; theme=dark

or

lang=en,region=US,theme=dark

What Cookie Lens does:

  • Parses the key-value pairs.
  • Shows each key and value.
  • Lets you edit individual pairs.
  • Re-encodes with proper separators.

Use cases:

  • Multi-valued configuration cookies.
  • Legacy Apache/Tomcat cookie formats.
  • Custom application protocols.

Key-Value Pairs

Simplified key-value format.

Example:

name:John,age:30,verified:true

What Cookie Lens does:

  • Parses the pairs.
  • Shows readable keys and values.
  • Lets you edit.
  • Re-encodes.

Use cases:

  • Custom application data.
  • Simple preference storage.
  • Legacy formats.

How to Edit Parsed Values

Click on the cookie in Cookie Lens to open its details.

Step 2: Click Edit

Click the Edit button to enter edit mode.

Step 3: Edit Decoded Value

  • If it's JSON, click on individual fields to edit.
  • If it's JWT, note that you can view but not edit (signature would break).
  • If it's Base64 / URL-encoded, edit the decoded content directly.
  • If it's key-value pairs, edit the values inline.

Step 4: Save

Click Save. Cookie Lens automatically:

  1. Re-encodes to the original format.
  2. Applies the change to the cookie.
  3. May reload the page.

Original cookie value:

{"userId": "12345", "theme": "light", "notifications": true}

You edit it to:

{"userId": "12345", "theme": "dark", "notifications": true}

Cookie Lens automatically:

  • Validates the JSON syntax.
  • Re-encodes any special characters.
  • Saves the modified value.
  • The page sees the updated theme preference.

Format Detection Priority

Cookie Lens detects formats in this order:

  1. JWT — check for 3 parts separated by ..
  2. Base64 — check for base64 padding and valid decoded content.
  3. JSON — check for { or [ patterns.
  4. URL-encoded JSON — check for %7B (encoded {).
  5. URL-encoded — check for % patterns.
  6. Query string — check for = and & patterns.
  7. Key-value pairs — check for : separators.
  8. Plain text — if none match, display as-is.

Tips & Tricks

Inspect Without Editing

  • View decoded values without touching the cookie.
  • Useful for understanding what data is stored.
  • No risk of breaking the cookie.

Test with Different Data

  • Edit a parsed value to test application behavior.
  • Change a role from user to admin.
  • Change a feature flag from true to false.
  • Use Mock instead of direct edit to preserve original.

Decode on the Fly

  • Don't manually copy to a decoder tool.
  • Cookie Lens shows decoded values instantly.
  • Edit decoded values directly.

Validation

  • JSON syntax is validated before save.
  • Invalid JSON shows an error.
  • Base64 validity is checked.
  • URL encoding is corrected if needed.

Complex Nesting

For deeply nested JSON:

  • Click to expand or collapse sections.
  • Edit individual nested fields.
  • Changes cascade up to the root.

See Also