How can I resolve active session problem in JMeter - performance

Whenever I run the login/logout script, I get "You have already logged in". How do I resolve this?
When I try to log in manually, I get this popup message:
"This user is already logged in. Do you want to terminate other active session."
So, how do I handle this situation in JMeter?

Please implement the logout request and after that clean the cookie.
Follow the instructions in "Jmeter Clear cookies after each http request".

It means that logout doesn't really log you out. Not knowing the details of your test/application, it's not possible to come up with a comprehensive solution. In the meantime you can try unticking Same user on each iteration on Thread Group level,
or ticking the Clear cookies each iteration box in the HTTP Cookie Manager/HTTP Cache Manager.
If your session is being orchestrated by a custom header, remove it from the HTTP Header Manager somehow.

Related

Make a request handle redirect by providing necessary parameters

I'm using jmeter to load test a Feature Page.
My jmeter requests (for that page) are being redirected to a login page. How do I provide login info for that redirect?
I already tried:
Controller
Login Page
Feature Page
Logout
But somehow a user even though already authenticated via Login Page is still being asked to login on the Feature Page.
Wondering if someone has a suggestion.
Make sure you're really logged in, as a "green" result in JMeter doesn't necessarily indicate a successful request. You can verify responses using the View Results Tree listener.
Add HTTP Cookie Manager to your Test Plan; if your application uses cookies for establishing/maintaining user session it should automatically resolve your problem.
Inspect your test plan for any dynamic values (request parameters, headers, URL postfixes, etc.); if there are any, they need to be correlated.

Cross/Multiple tab communication during login

In my implementation of login, I want to make sure that if a user is already logged in in one tab of the browser and opens the same website in another tab, he gets redirected to the homepage rather than the login page. It's an ideal scenario as it happens on all websites. I am achieving this by storing the logged-in user's unique token in local storage. Is it the best way to achieve it? Kindly guide! Is it safe? If not, how to go about it?
Just consider everything on the client as tainted or possibly manipulated.
So basically you should always check on the server side if the client has a valid session and only then deliver the homepage to it.
I would use a cookie set by the server side - just a random id bound to the actual client session on the server.
So the client could mess with that, but would have a hard time to guess another (also random) session id.
The cookie should be cleared by the server if the user logs out.
Then I would check on every call if he has a valid session id and if not directly send him to the login page by a redirect. Additionally you could then send him from the login page to the homepage whenever he is already logged in.
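The server-side check described in this answer, as an added example that is not part of the original post. The in-memory store, cookie name `session`, paths and function names are assumptions made for illustration.

```python
import secrets

# Assumption: an in-memory store standing in for the server's session table.
SESSIONS = {}  # random session id -> username; never leaves the server


def login(username):
    """Create a server-side session; the returned id is what goes in the cookie."""
    sid = secrets.token_urlsafe(32)  # unguessable, carries no user data
    SESSIONS[sid] = username
    return sid


def session_cookie(sid):
    """Set-Cookie value for a fresh session (cookie name is an assumption)."""
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def logout(sid):
    """Drop the session on the server and return a cookie that expires it."""
    SESSIONS.pop(sid, None)
    return "session=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"


def route(path, cookie_sid):
    """Decide the response for one request: (status, location or body).

    The cookie value is treated as untrusted input: it only counts if the
    server itself has a session stored under that id.
    """
    user = SESSIONS.get(cookie_sid) if cookie_sid else None
    if path == "/login":
        # A second tab opening the login page with a valid session goes home.
        return (302, "/home") if user else (200, "login form")
    if user is None:
        # Every other page requires a valid session on every call.
        return (302, "/login")
    return (200, f"home for {user}")
```

Because the browser sends the same cookie from every tab, the second tab is recognised without anything being stored in local storage.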

JSESSIONID not working as expected in Jmeter

I'm working on a stress/test project for an application that uses ADF 11g.
I've recorded the log in process with Jmeter test script recorder.
My steps were:
Open up the site
Type in Username and Password
Click login
I have extractors and Cookie Manager set up correctly and replaced all the afrLoops, JsessionID, javax.faces.ViewState...etc
When I run the thread in Jmeter, the Login step response always shows that it timed out because of inactivity.
So I looked deeper into it.
I used Chrome's inspect element feature and checked the JSESSIONID while performing the steps live.
I saw that the JSESSIONID at the login page and the JSESSIONID after login are different.
But in my Jmeter test the JSESSIONID stays the same before and after login.
Does anyone know what is going wrong?
Thanks.
You need a different JSESSIONID after logon - it is normal.
Please have a look at this blog: http://soadev.blogspot.ro/2014/04/jmeter-load-test-oracle-adf-applications.html
I am also testing a website that has two JSESSION ids, before and after login. The Jmeter cookie manager stores only the latest JSESSION id. If you check in Chrome's Inspect element, you will find that after login your cookie value gets changed, and that's what the Jmeter Cookie manager is storing. Therefore, when you check the cookie value in the debug sampler, you will get only one JSESSION id.

Jmeter: To login multiple times and hitting multiple URLS

I am a novice in Jmeter and have just started to learn its inner functionality. I am stuck on a problem. I have to hit multiple URLs (only the search id changes), so in "HTTP Request" I have placed "/build-4.4.10.0/?earchId=${ID}&Application=sc&IsSearchLink=TRUE".
I am providing the session key and that search id through a CSV file. The problem is that although it goes to the link, it is redirected to the login page, and I do not know how to create users at run time and assign them to each URL.
I have 200+ URLs. What should I do? Please guide.
Thanks
If your application needs any login authentication and/or cookies, then you will need to add the Cookie manager for maintaining the session, else application will not be able to maintain a session and it will throw the user out of the application, then redirecting it to the login page.
You can refer to the below mentioned links for more information about cookie manager.
https://sqa.stackexchange.com/questions/13966/jmeter-http-cookie-manager/13975#13975
http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager

automatically redirect to login page after session timeout - JSP, Spring

I can redirect a user to the home page upon session logout; this was very simple. However, if a user had logged into the app and had the page open, even on session timeout he is able to perform all the functions (this is bad).
The redirect does not happen until the page is refreshed, or submitted to the server... there are some update functions that could be done by the user even if he is not currently logged in... I have done a lot of research but unable to fix this solution. I also found this thread but it seems to have no proper answer:
Spring Security 3.1 - Automatically redirect to login page when session-timeout occurs
For example, most of the banking sites log you out after a time out.. they do not wait until you come back and then submit a request before you are redirected to home page.
HTTP is stateless. To achieve some form of state the server can maintain a session for each user by giving them a session id on their first request. The user would have to resend that session id on each future request to identify that the other requests happen within the same session.
Because the session is maintained by the server, there is no way to notify the client that the session has timed out.
Instead, if the user makes a new request when the session is timed out, their session ID is no longer good and therefore you can take a particular action like redirect them to login page.
Assuming nothing works out, you may want to consider the approaches mentioned below:
Approach 1:
Create a cookie in the browser holding an encrypted timestamp of the last visit/request from the browser. For each request, first get this cookie value and compare it with the pre-defined session timeout; if the timeout has been reached then redirect the user to the error page, else serve the request. On logout delete the cookie.
Why encrypted value for timestamp: if somehow user gets to know about cookie used for session timeout then (s)he can change this value in browser and keep on sending this request.
Approach 2:
You can also achieve this by making an entry in your database for every logged-in user and updating timestamp in this database for each request. For each incoming request get this timestamp from database and compare it with pre-defined value for timeout and handle accordingly. On logout delete the entry.
In both the approaches explicitly perform response.redirect("errorPageUrl");
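Approach 1 as an added example, not part of the original answer: it authenticates the timestamp with an HMAC rather than encrypting it (a substituted technique, chosen because the stated goal is to stop the user changing the value) and binds it to the session id so one user's cookie cannot be reused in another session. The key handling, 15-minute timeout, cookie layout and function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # assumption: server-side secret, per process for the demo
TIMEOUT = 15 * 60              # assumption: idle timeout in seconds


def _mac(sid, ts):
    """HMAC over session id and timestamp; only the server can compute it."""
    return hmac.new(KEY, f"{sid}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue(sid, now):
    """Cookie value recording the last request time: '<unix-ts>.<hex-mac>'."""
    ts = str(int(now))
    return f"{ts}.{_mac(sid, ts)}"


def check(sid, cookie, now):
    """Return ('serve', refreshed_cookie) or ('redirect', None).

    Missing, malformed, tampered and expired cookies all end in a redirect.
    """
    try:
        ts, mac = cookie.split(".", 1)
        # Constant-time comparison; verify the MAC before trusting ts at all.
        if not hmac.compare_digest(mac.encode(), _mac(sid, ts).encode()):
            return ("redirect", None)
        last = int(ts)
    except (AttributeError, ValueError):
        return ("redirect", None)
    if now - last > TIMEOUT:
        return ("redirect", None)
    # Valid and within the idle window: slide the window forward.
    return ("serve", issue(sid, now))
```

As in Approach 2, the check only runs when a request reaches the server, so an open page is not redirected until its next request.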
