I am trying to run jmeter to load test vaadin13 application following the article here How to perform an Load Test/Performance Test with Vaadin 10 (is it possible with Jmeter?) which is absolutely very helpful. However, i encounter being return for(;;);[{"meta":{"sessionExpired":true}}] for every request which i am clueless.
I check that Vaadin-Security-Key is extracted correctly. Check the request data csrfToken, node is replaced with the value correctly. I am clueless on what i am missing here. Would like to seek advice what else i am missing. Thanks in advance.
Request payload (data) you are sending is JSON. I guess you have not set Content-Type header in your request and Vaadin cannot read payload you have sent, thus cannot read csrfToken which is needed to validate session.
You can set headers using HTTP Header Manager component. If all requests are sending json data, you can add this component on Thread Group level, and if only certain requests needs it you can add it to specific HTTP Sampler...
For json-type requests, content-type header should have value application/json; charset=UTF-8.
I hope this will resolve issue you are facing...
There are a lot of ids that need to be correlated when writing a test plan for VAADIN.
If the answer you're pointing at did not work for you, it will be easier to try to use this autocorrelator for Vaadin.
Disclaimer: We are providers of this solution
As you can see in your request POST data, you have CSRF Token. You need to correlate the CSRF Token and that error should resolve.
Related
I encounter {"result":560,"type":"exception"} response for axs request in jmeter while designing a script to do a load test for a mendix web application. First I encountered untheorized response on login so i used reg. expression extractor to extract CSRF-TOKEN and then login worked fine. after login and try to submit an application, i got {"result":560,"type":"exception"} response. what might be the issue and how can it be solved?
Response body
Response header
Request body
Request header
The issue is that you're sending an incorrect request. Unfortunately we cannot state what exactly is wrong because we need to see both:
Reference successful request including URL, headers and body from i.e. real browser
The request from JMeter which fails including URL, headers and body
So I can only suggest to use a 3rd-party sniffer tool like Wireshark or Fiddler to capture the requests from the real browser and JMeter and compare them. Request must be exactly the same (apart from dynamic parameters which need to be correlated). Given you send the same request as browser does you should get the same (successful) response
Other things to consider:
Check your server log, it might be the case you will figure out the reason from there like it was in this forum thread
Given you have Arabic characters in the request body ensure to use proper encoding, i.e. UTF-8 is always a good choice
I am trying to do the load testing of salesforce.com. I am logging via test.salesforce.com which is redirecting me to the console url. Now, subsequent post request accepts following post parameters.
ViewStateCSRF
ViewStateMAC
visualforce.ViewState
But this post request is failing with "invalid session" error message.
I am guessing this is because of CSRF token. I am trying to extract(post processor in Jmeter) CSRF token, but I am unable to find this token anywhere in the response/cookie of previous requests. In one of the HTML response, I can find few CSRF tokens(e.g: runApexCsrfToken, consoleAjaxCsrfToken etc). I have tried all of them but no result.
To summarize my problem: I need to pass csrf token in post login request but I am unable to find this token in previous responses.
Could you please help me with this.
PS: I have tried get request on "https://c.salesforce.com/libs/granite/csrf/token.json" after login but did not find any token in response.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to check all response fields as the token can be a part of URL or come as a HTTP Header
You need to correlate not only ViewStateCSRF but all other dynamic parameters as well
If you have problems with identifying the source for the dynamic parameters values you can try recording your scenario using cloud-based proxy service, it is capable of exporting recorded scripts in "SmartJMX" mode with automatic detection and correlation of dynamic parameters. See How to Cut Your JMeter Scripting Time by 80% article for more details
I'm having trouble with getting my site normally loaded during the performance testing in Apache JMeter. Firstly I recorded the script (by BadBoy), containing authorization and visiting some pages, unavailable without login. Next, I exported it to JMeter, configured Regular Expression Extractor to get the csrftoken from the request right before the authorization request and it looks like it works just fine:
no errors in http-requests
But if to look at the tab "Response data" of every post-authorized request, the content isn't like correctly loaded page, it just starts page with the empty authorization form, i.e. in some way session is new though all the requests have the same session id and csrftoken in Cookie Data and in Set-Cookie (Sample result), appeared in authorization request result.
HTTP Cookie Manager is added.
Did anyone face this trouble?
UPDATE: I've conducted an experiment with transferring cookies from Chrome to Mozilla Firefox, copied 'csrftoken' and 'session id', and - voila! - it worked, I got the same authorized session in two browsers. Still have no idea what's wrong with JMeter
JMeter automatically treats HTTP Response Codes below 400 as successful, it doesn't perform any checks of response body. Most likely your Regular Expression Extractor failed, add a Debug Sampler and double check resulting variable value.
There could be also the following possible reasons:
You might need to send CSRF token in encoded/escaped form so using i.e. __urlEncode() function will be required. Or vice versa.
Application may expect the token in multiple locations, i.e. not only as a form parameter, but as an extra HTTP Header. In that case you will need to pass it via HTTP Header Manager
You might also want to try the new step-by-step debugger for JMeter to get to the bottom of the issue.
This is the default behavior of this token. 1. make sure where these tokens are passed. It might be passed multiple times. Check the header. Generally, "xref-token" is again passed.
It should be in exact format, decode it if required, also remove , or ; or /. You can also use fiddler.
The solution was found after recording a script by Blazemeter plugin in Chrome and further exporting it in '.JMX' format. Adding an HTTP Header Manager like this (with its special fields, of course) to each HTTP Request solved the problem.
Can you explain how to construct a relevant HTTP Header or HTTP Request parameter holding CSRF value when an HTTP request has to be passed with a csrfmiddlewaretoken in Jmeter ?
CSRF protection can be handled just like any other dynamic mandatory request parameter or field, the right term to perform search on in performance testing world is Correlation
Check out How to Load Test CSRF-Protected Web Sites guide, it looks like to be exactly what you're looking for.
Try to implement correlation, after you have recorded the script. This is useful to pass dynamic values between different requests.
http://apache-jmeter.blogspot.com/2011/12/correlation-regular-expression.html
http://www.youtube.com/watch?v=j8bBiCeQ88w
If you have already implemented correlation and you are still getting errors, then you should bypass the token generation by writing code in Beanshell sampler to generate csrfmiddlewaretoken and then pass it to the next HTTP request (as per requirement).
hope this will help.
We recorded a business flow with Jmeter. In our script we have some asmx calls. All calls are sending requests in http format.
The recorded asmx requests are not sending any parameters (not possible to do correlation).
But after replay, all asmx calls are failing where we are sending some session values in cookies in our requests in view result tree. But not
Getting those sessions in any of the previous response.
Please help me out to fix it.
Thanks in advance
I believe that the problem is in cookies.
Try adding a HTTP Cookie Manager to your test plan. JMeter should be smart enough to handle cookies for you. If you have any cookies being sent via "Browser-derived Headers" - remove them.
If point 1 doesn't help you should be able to manually extract cookie data from Set-Cookie header via Regular Expression Extractor. Inspect View Results Tree Listener output for any Set-Cookie headers being sent in responses.
Don't forget to "tell" your Regular Expression Extractor to look at Headers response field (it defaults to Body)