# Cookies and session management

## Introduction video

{% embed url="<https://www.youtube.com/watch?v=ZEyUPTfThsg>" %}
Session management introduction video
{% endembed %}

{% hint style="warning" %}
When possible, authenticate requests by other means, such as a Bearer token with a JWT.
{% endhint %}

Advanced REST Client emulates browser behavior when handling cookies. When a response to an API call carries a `set-cookie` header, the cookie is processed according to the [HTTP State Management Mechanism](https://tools.ietf.org/html/rfc6265) specification. Any later request to the cookie's domain has the cookie added to it automatically.

{% hint style="info" %}
The "set-cookie" header tells the client (web browser, ARC) that the server requests to store some data on the client. This data should then be sent back with any following request that matches the set domain and path.
{% endhint %}

ARC is a web-based application and it has a browser included in it. To leverage this, ARC allows you to open a Chromium browser window (Chromium is the open-source version of Chrome), log in to a web service, and store the cookies received this way in ARC storage. The window opened in ARC has storage and session management separate from any other ARC window (main application, menu popup window, task manager, and so on). This way you can securely authenticate in the window, and only the incoming cookies are sent back to the application; any other stored values are ignored.

## Authenticating to a web service

To obtain and store cookies by logging in to a web service using a browser window, select the Request > Web Session > Login to a web service menu option. This opens a URL input where you can enter the login page URL.

![Login to a web service URL input](/files/-LruPVEnpDDEvkH2bjLn)

In this example we will use MuleSoft's Anypoint platform login scheme. The login page is accessible at `https://anypoint.mulesoft.com`.

![Login page to Anypoint platform](/files/-LruSoCyYmZCWnBW9IV4)

After a successful login, a regular page is rendered.

![Authorized user view](/files/-LruT1vHkGtcn3YwR-VK)

Now the login window can be closed. All cookies sent by the authorization server are now synchronized with ARC's cookies manager. You can see the cookies by selecting the Request > Web session > Cookie Manager menu option.

![Cookies set by the web service](/files/-LruUEEOxtpufF4iWBsI)

When a request to a matching domain is executed, the cookies are automatically added to the request.

![Request with cookies added automatically](/files/-LruVMNDCEoDPf4SK3Vi)

## Creating cookies manually

In the Cookie manager (Request > Web session > Cookie manager) you have an option to create a cookie manually or to edit an existing cookie. I am going to create a new cookie that is going to be set on a request sent to `domain.com`.

![Cookie editor with values](/files/-LruWBgpiJ9JCXNmgELe)

After saving the cookie a new entry is added to the list of cookies.

![Created cookie on the list of cookies](/files/-LruWPS5qClkiisOxj6X)

You can preview cookie details or edit the cookie after pressing the "details" button next to the cookie name.

![Cookie details](/files/-LruWfUw_Rolb6k1dKg-)

After a cookie is set it will be automatically added to a request that matches the domain `domain.com`.

![Request with cookie](/files/-LruX0bNftrhIoVR5MUX)

{% hint style="info" %}
Because the cookie was created with a dot "." in front of the cookie domain, the cookie is applied to all requests sent to the domain and all its subdomains. This means the request to the domain `http://www.domain.com` will also have the cookie applied to it.
{% endhint %}
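
The domain and path matching described above, as an added example that is not ARC's own code: a simplified cookie selection modelled on the domain-match and path-match rules of RFC 6265. It assumes a stored domain with a leading dot marks a cookie for the domain and its subdomains while one without is host-only; the jar entries and function names are constructed for illustration.

```javascript
// Added example: cookie selection modelled on RFC 6265 sections 5.1.3
// (domain-match), 5.1.4 (path-match) and 5.4 (Cookie header). Not ARC's code.

// Assumption: a stored domain with a leading "." marks a domain cookie
// (host and subdomains); without it the cookie is host-only.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const hostOnly = !cookieDomain.startsWith('.');
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  if (h === d) return true;
  if (hostOnly) return false;
  // Suffix match must fall on a label boundary and the host must not be an IP.
  const isIp = /^[\d.]+$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/api" must match "/api/users" but not "/apiv2".
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Builds the Cookie header value for a request URL, or '' if nothing matches.
function cookieHeaderFor(requestUrl, jar, now = Date.now()) {
  const url = new URL(requestUrl);
  return jar
    .filter((c) => domainMatches(url.hostname, c.domain))
    .filter((c) => pathMatches(url.pathname || '/', c.path || '/'))
    .filter((c) => !c.secure || url.protocol === 'https:')
    .filter((c) => c.expires === undefined || c.expires > now)
    .sort((a, b) => (b.path || '/').length - (a.path || '/').length) // longer paths first
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed sample jar; names and values are illustrative only.
const sampleJar = [
  { name: 'sid', value: 'abc', domain: '.domain.com', path: '/' },
  { name: 'host', value: '1', domain: 'domain.com', path: '/' },
  { name: 'api', value: 'x', domain: '.domain.com', path: '/api', secure: true },
  { name: 'old', value: 'gone', domain: '.domain.com', path: '/', expires: 0 },
];
```

Scoping a session cookie to the exact host and the narrowest path keeps it off requests to sibling subdomains, which is the practical difference between the `sid` and `host` entries in the sample jar.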

