Tuesday 26 April 2016

Session management aka cookies in Advanced REST Client

The recent update introduces a new session management mechanism. After the last big update some of you complained about the lack of cookie support. Networking in Chrome apps is separated from Chrome itself. Therefore it wasn't possible (and still isn't) to use cookies set in a Chrome tab.



However, the app is now equipped with its own session management.


The cookie store works similarly to a browser's. There might be some differences compared to a browser, mostly about when a cookie is deleted from the store, but the general idea and the algorithms for storing, comparing, rejecting or accepting cookies are the same as defined in the spec.

Now the Advanced REST Client will accept cookies from the remote server and save them in a local database (if the cookies match the domain and path as described in the spec). It will send these cookies back to the server during the next call where the domain and path match the cookie.
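
The domain and path matching mentioned above decides which stored cookies go out with a request. The following is an added example, not the app's own code; it assumes "the spec" is RFC 6265, and the function names and the sample store are constructed for illustration.

```javascript
// Added example: RFC 6265 domain-match (5.1.3) and path-match (5.1.4).
// Function names and sample cookies are hypothetical, not taken from the app.

// The host matches when it equals the cookie domain, or ends with
// "." + domain and is a host name rather than an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Identical paths match; otherwise the cookie path must be a prefix that
// ends in "/" or is followed by "/" in the request path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Host-only cookies (set without a Domain attribute) need an exact host match.
function hostOk(hostname, c) {
  return c.hostOnly ? hostname === c.domain.toLowerCase()
                    : domainMatches(hostname, c.domain);
}

// Build the Cookie header value for a request URL from the stored cookies.
function cookieHeaderFor(url, store, now = Date.now()) {
  const { hostname, pathname, protocol } = new URL(url);
  return store
    .filter(c => !c.expires || c.expires > now)      // drop expired cookies
    .filter(c => hostOk(hostname, c))
    .filter(c => pathMatches(pathname, c.path))
    .filter(c => !c.secure || protocol === 'https:') // Secure needs HTTPS
    .sort((a, b) => b.path.length - a.path.length)   // longer paths first
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed sample store.
const sampleStore = [
  { name: 'sid', value: 'abc', domain: 'api.example.com', path: '/', hostOnly: true, secure: true },
  { name: 'pref', value: 'dark', domain: 'example.com', path: '/v1', hostOnly: false, secure: false },
  { name: 'adm', value: 'x', domain: 'example.com', path: '/admin', hostOnly: false, secure: false },
];
```

Note that `/v10` does not match a cookie path of `/v1`, and `badexample.com` does not match a cookie domain of `example.com`; both checks keep a session cookie from being sent to an endpoint it was not set for.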

You can obtain a session cookie from a login form (for example) and the app will use this cookie automatically while you test the API. It won't work, however, with cookies set in a Chrome tab.
Chrome apps don't have, and most probably never will have, access to the browser's cookie storage (or any browser data). As the author I can't do much about it since it's a Chromium team design decision.

Note: Cookies are saved locally on your computer in the app's database. This means that other apps do not have access to them. You can be sure that session cookies can't leak outside the app because of the cookie store.
Be aware, however, that an exported file with request data will include "Set-Cookie" headers if there were any in the exported requests.

Leave a comment if you have an idea of how to improve the app!
