Synopsis
Retrieve cookies from the current page using Chrome DevTools Protocol’s Network.getCookies method.
bdg network getCookies [options]
Description
The network getCookies command retrieves all cookies accessible from the current page context. Returns cookies for the current page’s domain and any parent domains, including HttpOnly and Secure cookies.
This command directly invokes CDP’s Network.getCookies method and displays results in a human-readable format.
Options
Filter cookies by URL. Only returns cookies that would be sent with a request to this URL.Example: --url https://example.com/api
Output results in JSON format for programmatic consumption.
Human-readable (default)
3 Cookies:
[1] session_id
Value: abc123def456ghi789
Domain: .example.com
Path: /
Expires: 2026-04-05T14:30:22.000Z
HttpOnly: Yes
Secure: Yes
SameSite: Lax
[2] preferences
Value: {"theme":"dark","lang":"en"}
Domain: example.com
Path: /
Expires: Session
HttpOnly: No
Secure: No
SameSite: None
[3] tracking_consent
Value: accepted
Domain: .example.com
Path: /
Expires: 2027-03-05T14:30:22.000Z
HttpOnly: No
Secure: Yes
SameSite: Strict
{
"version": "1.2.3",
"success": true,
"data": [
{
"name": "session_id",
"value": "abc123def456ghi789",
"domain": ".example.com",
"path": "/",
"expires": 1743782222,
"httpOnly": true,
"secure": true,
"sameSite": "Lax"
},
{
"name": "preferences",
"value": "{\"theme\":\"dark\",\"lang\":\"en\"}",
"domain": "example.com",
"path": "/",
"expires": -1,
"httpOnly": false,
"secure": false,
"sameSite": "None"
}
]
}
Cookie Properties
name
Cookie name/key.
value
Cookie value. May contain JSON or other structured data.
domain
Domain scope for the cookie. Leading dot (.example.com) indicates cookie is valid for all subdomains.
path
URL path scope. Cookie is only sent for requests matching this path prefix.
expires
Expiration timestamp (Unix epoch seconds). Special values:
Session - Cookie expires when browser closes (expires = -1 in JSON)- ISO date string - Persistent cookie expiration time
httpOnly
If Yes, cookie is inaccessible to JavaScript (document.cookie). HTTP-only cookies are only sent in HTTP requests.
secure
If Yes, cookie is only sent over HTTPS connections.
sameSite
Cross-site request behavior:
Strict - Cookie never sent in cross-site requestsLax - Cookie sent in top-level navigation (clicked links) but not embedded requestsNone - Cookie sent in all cross-site requests (requires Secure flag)
Examples
List all cookies
List cookies for specific URL
bdg network getCookies --url https://example.com/api/users
Get cookies as JSON
bdg network getCookies --json
bdg network getCookies --json | jq -r '.data[] | select(.name == "session_id") | .value'
Check if authentication cookie exists
bdg network getCookies --json | jq '.data[] | select(.name == "auth_token") | .expires'
Find insecure cookies
bdg network getCookies --json | jq '.data[] | select(.secure == false)'
List HttpOnly cookies
bdg network getCookies --json | jq '.data[] | select(.httpOnly == true)'
Export cookies to file
bdg network getCookies --json > cookies.json
Use Cases
Debug authentication issues
# Check if session cookie is present and valid
bdg network getCookies | grep -A7 "session"
Verify cookie security settings
# Find cookies without Secure flag
bdg network getCookies --json | jq '.data[] | select(.secure == false) | .name'
Check cookie expiration
# List session cookies (expire on browser close)
bdg network getCookies --json | jq '.data[] | select(.expires == -1)'
Audit SameSite configuration
# Find cookies without SameSite protection
bdg network getCookies --json | jq '.data[] | select(.sameSite == null or .sameSite == "None")'
Exit Codes
Cookies retrieved successfully (may return empty list)
Failed to connect to daemon
CDP method call timed out
Tips
Session vs Persistent: Session cookies have Expires: Session (expires = -1 in JSON) and are cleared when the browser closes. Persistent cookies have a specific expiration date.
Domain Scope: Cookies with domain .example.com (leading dot) are sent to example.com and all subdomains like api.example.com. Cookies with domain example.com (no leading dot) are only sent to example.com.
URL Filtering: Use --url to see exactly which cookies would be sent with a specific request:bdg network getCookies --url https://api.example.com/v1/users
HttpOnly cookies are invisible to JavaScript but visible to this command. Be careful when logging or sharing cookie data as it may contain sensitive authentication tokens.
See Also
