Detect a session id cookie with TypeScript in Flows
This TypeScript example checks an API response for a sails.sid cookie. If a sails.sid cookie is present in the response, it could indicate that a session ID has been leaked. By using TypeScript to check for the sails.sid cookie in an If or Condition block, you can route the response to different blocks, depending on the result.
Example JSON
The example uses JSON data from a GET request to postman-echo.com like this:
{
"body": {
"args": {},
"headers": {
"host": "postman-echo.com",
"x-request-start": "t1757972551.591",
"connection": "close",
"x-forwarded-proto": "https",
"x-forwarded-port": "443",
"x-amzn-trace-id": "Root=1-68c88847-aaaaaaaaaaaaaaaaaaaaaaaa",
"user-agent": "PostmanRuntime/7.46.0",
"accept": "*/*",
"cache-control": "no-cache",
"postman-token": "00000000-1111-2222-3333-444444444444",
"accept-encoding": "gzip, deflate, br",
"cookie": "sails.sid=s%3AdummySessionId1234567890.abcdef1234567890"
},
"url": "https://postman-echo.com/get"
},
"http": {
"status": 200,
"headers": {
"Date": "Mon, 15 Sep 2025 21:42:31 GMT",
"Content-Type": "application/json; charset=utf-8",
"Content-Length": "621",
"Connection": "keep-alive",
"Server": "nginx",
"ETag": "W/"26d-FAKEETAG1234567890"",
"Set-Cookie": "sails.sid=s%3AdummySetCookieId0987654321.qwerty9876543210; Path=/; HttpOnly"
}
},
"tests": [],
"binary": false
}
Check a response for sails.sid
The following TypeScript checks an API response in a variable named response for a sails.sid cookie:
(response.body.headers["cookie"]?.includes("sails.sid"))
If the sails.sid cookie is present in the response, the TypeScript returns true. Otherwise, it returns false. You can use this example script in an If or Condition block to route the response data based on the result.
Example
To see this TypeScript in an example flow, check out TypeScript example 2: Check for session cookie.
Last modified: 2025/09/20
