***

title: Create and capture cookies using Postman's cookie manager
updated: 2024-10-04T00:00:00.000Z
topictype: procedure
max-toc-depth: 2
----------------

Postman's cookie manager enables you to view and edit cookies that are associated with different domains. You can manually create cookies for a domain, or you can [capture cookies](/docs/sending-requests/capturing-request-data/syncing-cookies/) using the Postman proxy or Postman Interceptor. You can then use the cookies stored in the Postman cookie jar when sending requests in Postman.

{/* vale postman-style-guide.Inclusive = NO */}

<Info class="iconless-callout">
  To turn off sending cookies with a request, select the request's **Settings** tab, then select **Disable cookie jar**.
</Info>

{/* vale postman-style-guide.Inclusive = YES */}

## About cookies

A *cookie* is a packet of data that a computer receives and then sends back without changing or altering it. Most cookies have two pieces of data: a unique ID for each user and a site name.

Websites can retrieve the cookie when you revisit them, so they can remember you and your preferences and tailor page content for you based on this information. Without cookies, you'd have to sign in again after you leave a site or rebuild your shopping cart if you closed a web page. This makes cookies an important part of the internet experience.

## Use the cookie manager

To manage cookies in Postman, open a request, then select **Cookies** (under **Send**).

![Cookies link](https://assets.postman.com/postman-docs/v11/cookies-link-v11-b.jpg)

In the **Cookies** window, select the **Manage Cookies** tab to display a list of domains and the cookies associated with each one. If you want to view cookies for a domain that isn't in the list, you can [add a domain](#add-a-domain).

![Managing cookies](https://assets.postman.com/postman-docs/v11/manage-cookies-v11-1.jpg)

## Add a domain

To add a new domain to the cookie manager, do the following:

1. Select the **Type a domain name** search box.
2. Enter the domain name. If you enter a protocol (such as `http://`) or port number, they won't be stored with the domain name in the cookie manager.
3. Select **Add domain**.

## Create cookies

To add a new cookie for a domain, select <img alt="Add icon" src="https://assets.postman.com/postman-docs/aether-icons/action-add-stroke.svg#icon" width="16px" /> **Add Cookie** under the domain. A pre-generated cookie string compliant with [HTTP State Management standards](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1) is created.

```js
Cookie_1=value; Path=/; Expires=Wed, 09 Oct 2024 21:49:26 GMT;
```

Postman supports the following attributes:

{/* vale Vale.Spelling = NO */}

* **cookieName** = **cookieValue** - The name of the cookie and its stored value.
* **Domain** - The domain Postman will send the cookie to.
* **Path** - The URL path that the cookie is restricted to. If the path is `/`, the cookie will be sent to all requests in the specified domain.
* **HttpOnly** - If present, the cookie won't be available to the client-side scripts run on the page (for example, with `document.cookie` in JavaScript). The cookie will only be added to the cookie header in requests that are made. This field doesn't have an effect on Postman's behavior.
* **Secure** - If present, the cookie is only sent when the URL begins with `https://` and won't be sent over an insecure connection.
* **Expires** - The time after which the cookie expires and won't be sent by Postman.

{/* vale Vale.Spelling = YES */}

Select **Save** to save the cookie to the Postman cookie jar under the relevant domain.

<Info class="iconless-callout">
  Postman doesn't support the `SameSite` attribute, or the `__Secure-` and `__Host-` prefixes.
</Info>

{/* */}

<Info class="iconless-callout">
  You can also add or edit the cookies in a response with the [Set-Cookie header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie).
</Info>

## Edit or delete cookies

To update an existing cookie for a domain, select the cookie you want to edit, edit any attribute, then select **Save**.

To delete a domain and all cookies associated with it, select <img alt="Close icon" src="https://assets.postman.com/postman-docs/aether-icons/action-close-stroke.svg#icon" width="16px" /> next to the domain. To delete an individual cookie, select <img alt="Close icon" src="https://assets.postman.com/postman-docs/aether-icons/action-close-stroke.svg#icon" width="16px" /> next to the cookie.

To remove all cookies and domains from the Postman cookie jar, select **Clear All Cookies**.

## Send cookies with a request

When you make a request to a domain you have added a cookie to, the cookie automatically appears in your request **Headers** tab. If the cookie isn't visible, select **hidden** to show autogenerated headers.

<img src="https://assets.postman.com/postman-docs/v11/autogenerated-cookie-header-v11-b.jpg" alt="Cookie header" />

<Info class="iconless-callout">
  You can't override cookie headers directly in the **Headers** tab. Edit the cookie in the cookie manager, or delete the cookie and set your request headers manually. You can add cookies in the cookie manager and the **Headers** tab, and Postman will merge the cookies before sending the request.
</Info>

## Script with cookies

You can write scripts that create, get, and delete cookies, giving you more control over your cookies. Use the `pm.cookies` object to access cookies associated with the request. Use the `pm.cookies.jar()` methods to create, get, and delete cookies for a specific domain. To access cookies for specific domains using the `pm.cookies.jar()` methods, you must first [add domains to the allowlist](#access-cookies-in-scripts).

Learn more about [writing scripts that create, get, and delete cookies](/docs/tests-and-scripts/write-scripts/postman-sandbox-reference/pm-cookies/).

### Access cookies in scripts

When you add a domain to the allowlist, cookies for that domain can be accessed in scripts using the `pm.cookies.jar()` methods.

To add a domain to the allowlist, do the following:

{/* vale Vale.Terms = NO */}

1. In the **Cookies** window, select **Domains Allowlist**.
2. Select **Add a domain to the Allowlist**.
3. Enter the allowed domain. If you include anything other than the domain name, such as a protocol, you won't be able to access cookies for that domain.
4. Select **Add**.

{/* vale Vale.Terms = YES */}

To remove a domain from the allowlist, select <img alt="Close icon" src="https://assets.postman.com/postman-docs/aether-icons/action-close-stroke.svg#icon" width="16px" /> next to the domain.

![Manage cookies domains allowlist](https://assets.postman.com/postman-docs/v11/domains-allowlist-cookies-v11.jpg)

## Sync cookies

Postman can capture cookies for a browser or client application using the [Postman proxy](/docs/sending-requests/capturing-request-data/capture-with-proxy/) or [Postman Interceptor](/docs/sending-requests/capturing-request-data/interceptor/). For the domains you select, captured cookies are continuously synced with the Postman cookie jar. This enables you to use any authentication sessions in your browser or client application to make API calls in Postman.

Learn more about [capturing cookies with the Postman proxy or Postman Interceptor](/docs/sending-requests/capturing-request-data/syncing-cookies/).