July 25, 2013

SoapUI Cookie management

Filed under: automation — SiKing @ 12:09 pm
Tags: ,

It seems that HTTP session Cookie management in SoapUI is little understood. 😦 Performing several Google searches, supplemented by some emails to SmartBear support, yielded only a lot of confusion. Until one day I happened upon this gem by user “Unibet Support”!

Cookies are normally handled by the client in a “Cookie Store”; in SoapUI they cannot be read/set same as other parameters. I am intentionally using the upper-case C here, as one of my first attempts was: messageExchange.requestHeaders['cookie']. Through some trial and error I discovered that I could use an event like submit.request.requestHeaders['Cookie'] (with the upper-case C), however this was still not the correct path to enlightenment.

You first need to get into the Cookie jar.

def myCookieStore = HttpClientSupport.getHttpClient().getCookieStore()

Reading Cookies

def myCookies = myCookieStore.getCookies()

This will give you a List. An individual Cookie is going to look something like:

[version: 0][name: JSESSIONID][value: 6ed79202575ff0c178efa2d4d9f1][domain: abcd-zq11][path: /css][expiry: null]

You can access each of the items with a get method, which Groovy usually exposes as a parameter.

assert myCookies[0].getValue() == myCookies[0].value

To get one specific Cookie, you could do something like:

def interestingCookie
myCookies.each {
	if( == "JSESSIONID")
		interestingCookie = it

Updating Cookies

To update a Cookie is just as easy. Each of the get methods has a corresponding set method, again in Groovy exposed as a parameter.

interestingCookie.value = "new_cookie_value"

This, of course, updates the Cookie right in the Cookie Store! To avoid this:

def clonedCookie = interestingCookie.clone()
clonedCookie.value = "cookie_not_in_store"

Deleting Cookies


will clear out all Cookies from the Store. To delete only one specific Cookie, you could do something like:

interestingCookie.expiryDate = new Date() - 1	// yesterday
myCookieStore.clearExpired(new Date() - 1)

Creating Cookies

This is a little more involved.

import org.apache.http.impl.cookie.BasicClientCookie
def myNewCookie = new BasicClientCookie("cookie_name", "cookie_value")
myNewCookie.version = 1
myNewCookie.domain = "qa.test"

Of course you could have done something like:

def myNewCookie = new BasicClientCookie("cookie_name", interestingCookie.value)


  1. Cookie jar?

    What tha hell is that?

    Comment by Eduardo Milpas — October 25, 2017 @ 12:50 pm | Reply

  2. I am trying to pass a cookie to a REST web service. I was able to create a cookie based on this post. But, after adding the cookie to the cookie store, I do not see the cookie in the raw request. Can you please tell me how do I pass the cookie ?

    Comment by Anonymous — March 22, 2014 @ 4:08 am | Reply

  3. Hi,

    I tried to retrieve a cookie by using the script. I executed the following script

    def myCookieStore = HttpClientSupport.getHttpClient().getCookieStore()

    this returned a null array []. What could be the reason? I am using SoapUI PRo 4.6.0 trial version


    Comment by selvyn — October 18, 2013 @ 2:27 am | Reply

    • Have a look in the Raw Response tab, to see if your response has any cookies to read.

      Comment by SiKing — October 18, 2013 @ 7:15 am | Reply

    • I found the same thing with SoapUI 4.6.4. I don’t think that this is the cookie store that is being maintained in the test run. After a lot of poking about in the TestRunContext and the Javadoc I’ve come up with this bit of groovy:

      import com.eviware.soapui.model.iface.SubmitContext
      import org.apache.http.client.protocol.ClientContext

      def httpContext = context.getProperties().getProperties().get(SubmitContext.HTTP_STATE_PROPERTY)
      def cookieStore = httpContext.getAttribute(ClientContext.COOKIE_STORE)
      def cookies = cookieStore.getCookies()
      def jSessionId = null
      for (cookie in cookies) {
      if ( == “JSESSIONID”) {
      jSessionId = cookie.value

      Comment by RegW — February 16, 2014 @ 10:53 am | Reply

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a free website or blog at

%d bloggers like this: