During a Proof-of-Concept I ran into some challenges while using Postman. I had to test certain API calls based on different user-credentials, and for some reason everything kept working like I was the super-admin.
Turned out that the application used cookies, and after the initial authentication of the super-admin, Postman used the cookie to authenticate the new sessions based on another username and password.
Thankfully, it’s possible to delete cookies in Postman before running a request in the ‘Pre-request Script’.
Just add the following script in the ‘Pre-request Script’ section of the request, or Collection:
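    // Clear every cookie stored for the URL of the request about to be sent
    const jar = pm.cookies.jar();
    jar.clear(pm.request.url, function (error) {
        // error - <Error>, set when the cookies could not be cleared
        if (error) { console.error(error); }
    });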
There’s one other setting that needs to be set, and that’s in the cookies section, where you need to whitelist the domain. This allows Postman to interact with cookies from that domain.
Add the domain (or in my case the IP address) that issued the cookie to the whitelisted domains.
After that, the cookies can automatically be removed by the ‘Pre-request Script’, and everything would work as I intended.
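A variant of the script above that also confirms the jar is really empty, so a missing whitelist entry or a surviving session cookie is reported instead of silently re-using the super-admin session. This is an added example, not part of the original post; `clearAndVerify` is a hypothetical helper name, and it assumes `jar.getAll` accepts the same URL value as `jar.clear`.

```javascript
// Added example: clear the cookie jar, then read it back to prove nothing survived.
// `jar` is any object exposing Postman's cookie-jar methods clear(url, cb) and
// getAll(url, cb); `done` receives null on success or an Error describing the problem.
function clearAndVerify(jar, url, done) {
    jar.clear(url, function (clearError) {
        if (clearError) {
            // Most likely cause: the domain/IP is not in Postman's cookie whitelist.
            return done(new Error('could not clear cookies for ' + url + ': ' + clearError));
        }
        jar.getAll(url, function (readError, cookies) {
            if (readError) {
                return done(readError);
            }
            // .map() works on a plain array and on Postman's cookie list alike.
            const leftover = (cookies || []).map(function (c) { return c.name; });
            if (leftover.length > 0) {
                return done(new Error('cookies still present: ' + leftover.join(', ')));
            }
            done(null);
        });
    });
}

// Inside a Postman Pre-request Script `pm` is defined; anywhere else this is skipped.
if (typeof pm !== 'undefined') {
    clearAndVerify(pm.cookies.jar(), pm.request.url, function (err) {
        if (err) {
            console.error('Stale session risk: ' + err.message);
        }
    });
}
```

If the console shows the "Stale session risk" line, treat the results of that request as untrustworthy for the credentials under test until the whitelist entry is fixed.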