Forum Discussion

kris2's avatar
kris2
New Member
20 days ago

Remove Cookie header

Hi, Is there any way to remove a header for example "Cookie" from the Request headers via the Groovy script or via the RequestFilter.filterRequest? The setting "maintain HTTP session" is setting the...
CarlosValcarcel's avatar
CarlosValcarcel
Icon for Staff rankStaff
2 days ago

Do it in a Project > Events > RequestFilter.filterRequest handler and strip the header from the low-level Apache HttpRequest. Editing request.requestHeaders only removes headers you added in the UI; the “Maintain HTTP session” cookie is injected later by the HTTP client, so you must remove it from httpRequest.


There are a few ways to do this:
- Copy-paste handler (per-step opt-out)

Add this under Project > Events > RequestFilter.filterRequest:

// Opt-out mechanism: set a custom property SkipCookies=true on any TestStep you want to exempt
def skip = request?.getPropertyValue('SkipCookies')
if (skip?.equalsIgnoreCase('true')) {
    // 1) Remove any Cookie header explicitly set in the UI
    def h = request.requestHeaders
    if (h?.containsKey('Cookie')) {
        h.remove('Cookie')
        request.requestHeaders = h
    }

    // 2) Remove Cookie headers injected by the HTTP client/session feature
    def httpRequest = context.getProperty('httpRequest')   // org.apache.http.HttpRequest
    httpRequest?.removeHeaders('Cookie')
}


On any REST/SOAP Request test step where you want no cookies, add a custom property SkipCookies=true. Everything else keeps using the session cookie.

You could also target them by name or tag instead of a property:

// Only strip cookies for these TestStep names
def target = ['Auth Probe','HealthCheck'] as Set
if (request && target.contains(request.name)) {
    def httpRequest = context.getProperty('httpRequest')
    httpRequest?.removeHeaders('Cookie')
    def h = request.requestHeaders; h?.remove('Cookie'); request.requestHeaders = h
}

And remember, header names are case-insensitive, but always call httpRequest.removeHeaders('Cookie') (capitalization doesn’t matter).

This runs early enough to affect the final wire request; you don’t need to touch SubmitListeners.

If you ever need to nuke all cookies for a specific call (not just the header), you can also temporarily clear the cookie store in a SubmitListener.beforeSubmit and restore it in afterSubmit, but the handler above should be simpler and safer.

Let me know how it goes!