Skip to content
SendPad Docs

Cookie Manager

SendPad maintains an RFC 6265 cookie jar per environment. Every Set-Cookie from any response is stored and automatically sent on matching future requests — exactly like a browser. No manual wiring needed.

How it works

Section titled “How it works”
# @cookies on   ← default, can omit


@baseUrl = https://httpbin.org


### Step 1 · Login (server sets session cookie)
# @name login
GET {{baseUrl}}/cookies/set?session=abc123


# @assert status == 200


### Step 2 · Authenticated request
# Session cookie is sent automatically
GET {{baseUrl}}/cookies
# @assert body contains abc123
Section titled “Cookie scoping”

Cookies are scoped to the active environment. Switching from dev.env to staging.env gives you a completely separate jar — cookies never cross environments.

Opting out

Section titled “Opting out”

To disable the cookie jar for a specific file, add this before the first ###:

# @cookies off


### This request sends no cookies and ignores Set-Cookie
GET {{baseUrl}}/endpoint

Works for both .http and .ws files.

Section titled “Manual cookie header”

You can always set cookies manually via the Cookie header (useful for testing specific scenarios):

GET {{baseUrl}}/protected
Cookie: session={{SESSION_ID}}; csrf={{CSRF_TOKEN}}
Section titled “Cookie Manager UI”

Click the 🍪 icon in the header to open the Cookie Manager. From here you can:

  • View all cookies for the active environment — name, value, domain, path, expiry
  • Delete individual cookies
  • Clear all cookies for the current environment scope

WebSocket + cookies

Section titled “WebSocket + cookies”

WebSocket connections share the same cookie jar as HTTP requests. Cookies set by a prior HTTP login are automatically attached to the WS upgrade handshake.

# login.http — sets session cookie
POST https://api.example.com/login
Content-Type: application/json
{"email":"{{USER_EMAIL}}","password":"{{USER_PASSWORD}}"}
# chat.ws — no auth headers needed; the login cookie rides along
@url = wss://api.example.com/chat


### Say hi
> {"type":"hello"}
# @expect within 3000
< "welcome"

Storage

Section titled “Storage”

Cookies live in memory for the session. They reset when the app restarts (they are not written to disk). This keeps your credential state clean between test sessions.