5 cookie tricks for chrome auth debugging

The CookieJar Chrome extension (MV3) and Chrome DevTools allow engineers to swap auth states without creating test accounts or clearing all cookies [Dev.to]. The extension provides a searchable UI for cookie editing, bulk export to JSON, and one-click import of saved session snapshots. In DevTools, this workflow is available under Application → Cookies → domain → right-click → Delete or edit fields such as Expires.

Key tricks include:

1. Targeted deletion: delete only the session cookie (commonly named session, sid, auth_token, _session_id), leaving other dev-server flags intact [Dev.to].
2. Onboarding flag reset: export the current cookie set, delete a flag like onboarding_complete, reload, then re-import to restore the original state [Dev.to].
3. Role snapshots: export each cookie bundle to admin-session.json, user-session.json, guest-session.json after logging in as admin, regular user, and guest; import the desired file to switch roles in under 30 seconds [Dev.to].
4. Expiry manipulation: edit the Expires column to a past date, forcing the browser to treat the session as expired and surface the exact timeout UI [Dev.to].
5. Loop isolation: delete auth-related cookies one by one while reloading to pinpoint the cookie that triggers a login-redirect loop [Dev.to].

The chrome.cookies API can also be used to script these actions, and Playwright or Puppeteer can inject cookies directly into a test context [Dev.to].

By using cookie snapshots, developers can verify permission checks in seconds, eliminating the minutes-long manual login flow [Dev.to]. Targeted cookie edits expose which cookie drives a bug, providing concrete evidence for bug reports. Additionally, seeing HttpOnly, Secure, and SameSite attributes in CookieJar reminds engineers to keep session tokens out of JavaScript while still being able to test them safely [Dev.to].