Postman FlowsFlows referenceTypeScript in flows

Detect a session id cookie with TypeScript in Flows

View as Markdown

This TypeScript example checks an API response for a sails.sid cookie. If a sails.sid cookie is present in the response, it could indicate that a session ID has been leaked. By using TypeScript to check for the sails.sid cookie in an If or Condition block, you can route the response to different blocks, depending on the result.

Example JSON

The example uses JSON data from a GET request to postman-echo.com like this:

1{
2  "body": {
3    "args": {},
4    "headers": {
5      "host": "postman-echo.com",
6      "x-request-start": "t1757972551.591",
7      "connection": "close",
8      "x-forwarded-proto": "https",
9      "x-forwarded-port": "443",
10      "x-amzn-trace-id": "Root=1-68c88847-aaaaaaaaaaaaaaaaaaaaaaaa",
11      "user-agent": "PostmanRuntime/7.46.0",
12      "accept": "*/*",
13      "cache-control": "no-cache",
14      "postman-token": "00000000-1111-2222-3333-444444444444",
15      "accept-encoding": "gzip, deflate, br",
16      "cookie": "sails.sid=s%3AdummySessionId1234567890.abcdef1234567890"
17    },
18    "url": "https://postman-echo.com/get"
19  },
20  "http": {
21    "status": 200,
22    "headers": {
23      "Date": "Mon, 15 Sep 2025 21:42:31 GMT",
24      "Content-Type": "application/json; charset=utf-8",
25      "Content-Length": "621",
26      "Connection": "keep-alive",
27      "Server": "nginx",
28      "ETag": "W/"26d-FAKEETAG1234567890"",
29      "Set-Cookie": "sails.sid=s%3AdummySetCookieId0987654321.qwerty9876543210; Path=/; HttpOnly"
30    }
31  },
32  "tests": [],
33  "binary": false
34}

Check a response for sails.sid

The following TypeScript checks an API response in a variable named response for a sails.sid cookie:

1(response.body.headers["cookie"]?.includes("sails.sid"))

If the sails.sid cookie is present in the response, the TypeScript returns true. Otherwise, it returns false. You can use this example script in an If or Condition block to route the response data based on the result.

Example

To see this TypeScript in an example flow, check out TypeScript example 2: Check for session cookie.