--- id: agent-browser-cookies-storage-and-session-state title: 'Agent Browser Cookies, Storage, and Session State' schema_type: TechArticle category: ai language: en confidence: medium last_verified: '2026-06-02' created_date: '2026-06-02' generation_method: ai_structured derived_from_human_seed: true conflict_of_interest: none_declared is_live_document: false data_period: static atomic_facts: - id: fact-ai-agent-browser-cookies-storage-and-session-state-1 statement: >- RFC 6265 defines Set-Cookie as a response header field that servers use to send state information to user agents. source_title: RFC 6265 HTTP State Management source_url: https://httpwg.org/specs/rfc6265.html confidence: medium - id: fact-ai-agent-browser-cookies-storage-and-session-state-2 statement: >- The HTML Standard defines localStorage and sessionStorage attributes that return Storage objects. source_title: WHATWG HTML Web Storage source_url: https://html.spec.whatwg.org/multipage/webstorage.html confidence: medium - id: fact-ai-agent-browser-cookies-storage-and-session-state-3 statement: >- Playwright BrowserContext storageState returns current cookies, local storage, and IndexedDB snapshots for a browser context. source_title: Playwright BrowserContext source_url: https://playwright.dev/docs/api/class-browsercontext confidence: medium completeness: 0.83 known_gaps: - Browser state interpretation depends on origin, SameSite and Secure cookie attributes, partitioned storage, CORS credentials, private browsing, browser context isolation, and whether IndexedDB is included in the captured state. disputed_statements: [] primary_sources: - title: RFC 6265 HTTP State Management type: standard year: 2026 url: https://httpwg.org/specs/rfc6265.html institution: IETF HTTP Working Group - title: WHATWG HTML Web Storage type: standard year: 2026 url: https://html.spec.whatwg.org/multipage/webstorage.html institution: WHATWG - title: Playwright BrowserContext type: documentation year: 2026 url: https://playwright.dev/docs/api/class-browsercontext institution: Microsoft Playwright secondary_sources: [] updated: '2026-06-02' ai_models: - gpt-5-codex --- ## TL;DR Agents debugging browser sessions should record cookies, local storage, session storage, IndexedDB scope, origin, and browser context boundaries before claiming that a login or UI flow is reproducible. ## Core Explanation Browser state is not a single value. Cookies travel through HTTP headers under origin and attribute rules, Web Storage is origin-scoped client storage, and automation frameworks may isolate each browser context from the next. A UI agent that loses authentication between steps may have launched a fresh context, failed to include credentials, omitted IndexedDB from a state snapshot, or navigated to a different origin. Good traces preserve the target URL, browser context ID, cookie jar, storage snapshot, CORS credential mode, and whether state was loaded from or written to disk. ## Source-Mapped Facts - RFC 6265 defines Set-Cookie as a response header field that servers use to send state information to user agents. ([source](https://httpwg.org/specs/rfc6265.html)) - The HTML Standard defines localStorage and sessionStorage attributes that return Storage objects. ([source](https://html.spec.whatwg.org/multipage/webstorage.html)) - Playwright BrowserContext storageState returns current cookies, local storage, and IndexedDB snapshots for a browser context. ([source](https://playwright.dev/docs/api/class-browsercontext)) ## Further Reading - [RFC 6265 HTTP State Management](https://httpwg.org/specs/rfc6265.html) - [WHATWG HTML Web Storage](https://html.spec.whatwg.org/multipage/webstorage.html) - [Playwright BrowserContext](https://playwright.dev/docs/api/class-browsercontext)