Donobu Logo

page.ai.createCookieReport()

Generate a structured report of all cookies in the current browser session, with AI-written notes on each cookie's purpose and security attributes.

Generates a structured report of all cookies present in the current browser session, with AI-written notes on each cookie's likely purpose and security attributes. Useful for privacy compliance reviews and debugging authentication issues.

Signature

page.ai.createCookieReport(options?: {
  gptClient?: GptClient | LanguageModel;
}): Promise<CookieAnalyses>

Parameters

ParameterTypeDefaultDescription
options.gptClientGptClient | LanguageModelProject defaultOverride the AI provider for this call

Return type: CookieAnalyses

An array of cookie analysis objects. Each object includes the raw cookie fields alongside AI-generated annotations:

type CookieAnalyses = Array<{
  name: string;
  value: string;
  domain: string;
  path: string;
  secure: boolean;
  httpOnly: boolean;
  sameSite: string;
  expires: number;        // Unix timestamp (seconds since epoch); -1 means session cookie
  // AI-generated fields:
  likelyPurpose: string;    // e.g. "Session authentication token"
  securityNotes: string;    // e.g. "Marked HttpOnly and Secure — good practice"
}>

Usage

import { test, expect } from 'donobu';

test('session cookie is secure after login', async ({ page }) => {
  await page.goto('https://app.example.com/login');
  await page.ai('Log in with the test account credentials');

  const cookies = await page.ai.createCookieReport();

  const sessionCookie = cookies.find((c) => c.name === 'session');
  expect(sessionCookie).toBeDefined();
  expect(sessionCookie?.secure).toBe(true);
  expect(sessionCookie?.httpOnly).toBe(true);
});

GDPR / privacy compliance check

test('no third-party tracking cookies before consent', async ({ page }) => {
  await page.goto('https://www.example.com');
  // Do NOT accept the cookie consent banner

  const cookies = await page.ai.createCookieReport();

  const trackingCookies = cookies.filter((c) =>
    c.likelyPurpose.toLowerCase().includes('tracking') ||
    c.likelyPurpose.toLowerCase().includes('analytics'),
  );

  expect(trackingCookies).toHaveLength(0);
});

Use cases

  • Compliance checks: verify that tracking cookies are not set before the user gives consent
  • Security audits: confirm that auth cookies are Secure and HttpOnly
  • Regression testing: detect unexpected new cookies introduced by a deployment
  • Debugging: quickly understand what session state is being stored when an authentication issue occurs