Stateful HTTP tests in JMeter need a place to keep cookies between requests. A login sampler can receive a session cookie, but a later account, cart, or API sampler looks like a new visitor unless JMeter stores that cookie and sends it with matching requests.

The HTTP Cookie Manager stores server-set cookies per virtual user thread, so one user does not inherit another user's session. Place it in the same scope as the HTTP samplers that belong to the browser-like journey, usually under the relevant Thread Group.

Use the GUI to add the manager and keep the normal session behavior explicit before saving the plan. Leave Clear Cookies each Iteration disabled when loop iterations should continue the same browser session, and enable it only when each loop must start as a fresh visitor.

  1. Open the test plan in the JMeter GUI and select the Thread Group that contains the login and session-dependent HTTP samplers.
  2. Add the cookie manager under that Thread Group from Thread GroupAddConfig ElementHTTP Cookie Manager.
  3. Name the element for the session it manages.
  4. Leave the User-Defined Cookies table empty for normal login cookies.

    Server-set cookies are stored automatically. Cookies entered manually in the table reuse one cookie value across every JMeter thread instead of storing one session per virtual user.

  5. Keep Cookie Policy set to standard unless the target application requires a legacy cookie policy.
  6. Keep Implementation at the default HC4CookieHandler value.
  7. Leave Clear Cookies each Iteration disabled when the same virtual user should remain logged in across loop iterations.

    Enable this option only when each loop should begin without cookies from the previous loop.

  8. Save the test plan.
  9. Run a short non-GUI smoke test against a login flow that sets a cookie and a later request that requires it.
    $ jmeter -n -t cookie-manager-demo.jmx -l cookie-manager-results.jtl
    Creating summariser <summary>
    Created the tree successfully using cookie-manager-demo.jmx
    Starting standalone test @ 2026 Jun 29 22:17:13 GMT
    summary =      2 in 00:00:00 =   24.1/s Avg:     7 Min:     0 Max:    15 Err:     0 (0.00%)
    Tidying up ...
    ... end of run
  10. Check the application log, mock endpoint log, or View Results Tree request data for the later sampler.
    $ cat cookie-session-server.log
    server=listening port=18082
    request method=GET path=/login cookie=-
    request method=GET path=/account cookie=SESSIONID=abc123

    The first request has no incoming session cookie. The later request includes SESSIONID=abc123, which confirms that the HTTP Cookie Manager stored the login cookie and sent it to the protected request.