This document describes how to work with cookies.


Molybden does not interfere with how cookies work in Chromium. Chromium decides how to download cookies from a web server, extract them from the HTTP headers, and store them.

The Cookies service allows you to get, modify, and remove cookies. The Cookie class provides information on a particular cookie.

To obtain the Cookies service for a specific Profile use the Profile::cookies() method:

auto cookies = profile->cookies();

Supported protocols

Molybden supports cookies that are sent using the following protocols:

  • HTTP
  • WS (WebSocket)
  • WSS (Secured WebSocket)

If a cookie is sent using a protocol that is not on the list, it will not be stored in the cookie storage.

Working with cookies

Molybden supports the following kinds of cookies:

  • Persistent cookies. These are stored in the Chromium user data directory. If you delete the Chromium user data directory, all the persistent cookies will be removed.
  • Session cookies. These are stored in the application memory. These cookies will be removed automatically when the application is terminated.
  • Secure cookies. These can only be transmitted over an encrypted connection, i.e. HTTPS. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
  • HttpOnly cookies. These cannot be accessed by the client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks.

When you modify cookies, use the Cookies::persist() method to save the changes.

Getting cookies

To get all cookies, use the Cookies::list() method:

auto cookies = profile->cookies()->list();
for (auto cookie : cookies) {
   std::cout << "name = " << << std::endl;

Similarly, you can get all cookies by a URL:

auto cookies = profile->cookies()->list("");

Creating cookies


To create a persistent cookie with an expiration time use the following code:

Cookie cookie("");
cookie.creation_time = creationTime;
cookie.expiration_time = expirationTime; = "cookie name";
cookie.value = "cookie value";
cookie.path = "/";



To create a session cookie use the following code:

Cookie cookie(""); = "cookie name";
cookie.value = "cookie value";
cookie.path = "/";


Deleting cookies

To delete all cookies use the Cookies::deleteAll() method:


To delete one cookie, use the Cookies::deleteCookie() method. The following code deletes all cookies one by one:

auto cookies = profile->cookies();
for (auto cookie : cookies->list()) {

Suppressing cookies

You can control all incoming and outgoing cookies using the delegates of the Network.

To suppress the incoming cookies use the following code:

network->onCanSetCookie = [](const CanSetCookieArgs& args,
                             CanSetCookieAction action) {

To suppress the outgoing cookies use the following code:

network->onCanGetCookies = [](const CanGetCookiesArgs& args,
                              CanGetCookiesAction action) {


Molybden supports the cookie encryption by default. It uses the Chromium cookies encryption routines, so the cookies are stored exactly as in Chromium.


On Linux, Chromium uses GNOME Keyring or KWallet to encrypt cookies. Chromium automatically chooses which store to use. You can manually specify which store to use via an appropriate option when constructing the App . For example:

AppOptions options;
options.password_store_type = PasswordStoreType::kGnomeKeyring;
App::init(options, [](std::shared_ptr<App> app) {
  // ...


On Windows, Molybden uses only DPAPI to encrypt cookies. There are no alternatives at the moment.


On macOS, Molybden uses the private key stored with the Keychain Application to encrypt cookies with AES encryption.

On this page