Postman: How do you delete cookies in the pre-request script?

cookies session-cookies postman

18,292

Solution 1

new version now supports that since 2019/08, see more examples here: Delete cookies programmatically · Issue #3312 · postmanlabs/postman-app-support

Prerequisite

Cookie domains to be given programatic access must be whitelisted.

clear all cookies

const jar = pm.cookies.jar();
jar.clear(pm.request.url, function (error) {
  // error - <Error>
});

get all cookies

const jar = pm.cookies.jar();
jar.getAll('http://example.com', function (error, cookies) {
  // error - <Error>
  // cookies - <PostmanCookieList>
  // PostmanCookieList: https://www.postmanlabs.com/postman-collection/CookieList.html
});

get specific cookie

const jar = pm.cookies.jar();
jar.get('http://example.com', 'token', function (error, value) {
  // error - <Error>
  // value - <String>
});

Solution 2

According to the documentation pm API reference the pm.cookie API is only for the Tests tab, not for the Pre-request Script.

The following items are available in TEST SCRIPTS only.

pm.cookies

...

It seems that you will have to stick with this method : Interceptor Blog post

18,292

K5 User

Updated on June 19, 2022

Comments

K5 User 11 months
All the postman cookie-management answers I've seen refer to either the browser extension (open chrome, delete cookies viz interceptor etc) or with the app, using the UI to manually manage cookies.

I would like to delete certain cookies in my pre-request code as part of scripting my API tests. (delete them programmatically)

The Sandobx API docs mention pm.cookies so I tried
```
if (pm.cookies !== null) {
   console.log("cookies!");
   console.log(pm.cookies);
}
```
But the pm.cookies array is empty. Yet in the console, the GET call then passes a cookie.

There's also postman.getResponseCookies, which is null (I assume because we're in the pre-request section, not in the test section)

One answer suggested calling the postman-echo service to delete the cookie. I haven't investigated this yet, but it doesn't feel right.
- K5 User almost 6 years
  
  (This is specific to the postman app, not the extension, sorry if I wasn't clear)
- A.Joly almost 6 years
  
  If your API has a delete function that you can use for cookies (like postman-echo has), you may build one request to delete them and chain the request you want to execute (via setNextRequest()).
- A.Joly over 5 years
  
  The answer concerning postman echo is a dead end, cookies are linked to a domain, so your cookie will be linked to yours, not postman-echo, and then won't be deleted. Too bad, it actully deleted the cookie from the cookie manager.
- A.Joly over 5 years
  
  You may have a look here stackoverflow.com/questions/1085756/…, but if your cookie is set with http_only, you won't be able to access (and remove) it. In my case, it is http_only (sob). Else you can change its date (accessing it in javascript) and set it to yesterday or even -1 could work I think ...
- Suzana over 5 years
  
  There is a feature request for this: github.com/postmanlabs/postman-app-support/issues/3312
jackr about 5 years

But the Interceptor is restricted to the Chrome plug-in, which will soon be retired, isn't it?
PatrickWalker about 5 years

getpostman.com/docs/v6/postman/scripts/… indicates pm.cookies is available for native apps now but i also see the same behaviour as the op with the cookie object being empty
Ferran Maylinch over 3 years

Thanks! I noticed that it's necessary to whitelist domain to access cookies: learning.postman.com/docs/postman/sending-api-requests/cooki‌es/…
Toby Artisan about 3 years

As of this date in 2020, Postman does allow the usage of pm.cookies.jar() in the pre-request scripts, so @aaron's answer seems more appropriate now.
Toby Artisan about 3 years

It is worth noting that the url that is passed to jar.get in this example must include the request path if there is one. It does not need to include any query string, though. E.g. "example.com/subexample" NOTE that the URL shown here includes "https://", but it's not being displayed. You will need to include the protocol when getting the cookies.
Joel Mellon over 1 year

jar.clear(pm.request.url... doesn't work for me. 1) Notice it's an object. I'm not sure jar.clear() supports that. 2) I've got environment variables set that build my my request URL. They aren't resolved at the time I access them (before my script) as you can see: {"path":["{{endpoint.token}}"],"host":["{{base-path}}"],"que‌ry":[],"variable":[]‌} - note the variable names in the object's properties, eg. "{{base-path"}}. I ended up getting my root domain var's value via pm.environment.get('host') which works great to clear all cookies for {{host}}.