E commerce load test with complete flow - jmeter

I'm trying to do a load test of e commerce site with complete flow from product search, login to add to cart and submit. Product search and anonymous order is working fine but when I'm trying to run script for registered user it's not working. How can I fix this?Click here to download script

Your "download" link is broken or expired or whatever.
Most probably your request doesn't work for authorised users due to missing or improperly working correlation. Modern web applications cannot be just recorded and replayed as they widely use dynamic request parameters mostly for security reasons. So if this is the case your test needs to look as follows:
Open Login Page (usually GET request)
Extract dynamic parameters using one of matching JMeter Post-Processors and store them into JMeter Variables
Perform Login (usually POST Request) providing not only credentials, but also dynamic parameters values from the first request
Also make sure you add HTTP Cookie Manager to your Test Plan - it represents browser cookies and automatically deals with cookie-based authentication
You might want to try an alternative way of recording a JMeter test - using cloud-based proxy which is capable of exporting recorded tests in "SmartJMX" mode with automatic correlation of any dynamic parameters detected. Check out How to Cut Your JMeter Scripting Time by 80% article for more information.

Related

Not able to run Jmeter tests for Third party (Signicat) SSO login

I am trying to run performance test using Jmeter for my client application which uses Signicat, a third part identity verification site for SSO login. I cannot get through with jmeter execution for login. There is a dynamic token appended in one of the http requests related to login but I cannot find it in any of the previous responses to correlate.
Has anybody tried Performance tests with Signicat or any other SSO login ? I appreciate any suggestions or leads. Thank you.
PS: I tried to monitor the traffic in fiddler while accessing the site . I don't see the token source there as well.
Unfortunately your question doesn't contain sufficient level of details.
If you're seeing the dynamic token there are following possible options:
It needs to be correlated (extracted from the previous response), the possible sources are:
URL (as a part of a redirect)
response headers
response body
It needs to be generated, if the dynamic value is being generated by client-side JavaScript JMeter won't be able to execute the JavaScript, you will have to replicate the code using JSR223 PreProcessor and preferably Groovy as the language in order to generate the same value as the real browser does
Looking into Connecting your application chapter there are several possible protocols/options and it will require rather a story than a chapter to provide comprehensive instructions on each of them:
for some of them like "Other third party software" it is not even possible doing this remotely without knowing the infrastructure and the authentication/authorization processes.

How to make working login into Laravel 5.+ with JMeter?

I'm trying to test a few functions on my Laravel based website. However, I'm having difficulties logging in the website. I've used BlazeMeters Chrome plugin to record my events and save it in jmx file. Was able to do that and imported the file in JMeter. Now at login we are not just examine the email and password, but also a _token variable. This is individual for all visitors. Do I need and if yes, then how can I fetch the token for one user and use that at login time and any other time, when the _token was requested?
Bert
Your test flow should look like:
Open Login Page (usually HTTP Get Request)
Extract the token from the response using one of JMeter's Post-Processors (normally people use Regular Expression Extractor or CSS/JQuery Extractor)
Perform Login (usually HTTP Post Request) providing credentials and the token from the step 1
The process is known as correlation and there is a plenty of information on it over the Internet.
If you want to get things done faster you could consider an alternative way of recording a JMeter test scenario which automatically detects dynamic parameters, generates the relevant post-processors to extract them and store into JMeter Variables and substitutes parameters with the variables so you won't have to do it manually. Check out How to Cut Your JMeter Scripting Time by 80% article for more details.

Automated script logs out using JMeter

I am trying to automate testing of a web application.
I have recorded the test using JMeter proxy template (JMeter version is 3.2) and couple of times when I ran the test in the JMeter it ran properly but after sometime only some part runs properly.
Following are the steps I am doing:
Hitting the URL
Logging into the application
changing some feature in the application
and so on.
All the steps ran perfectly first few times but then after that only till login everything runs properly.
Just to be sure I tried passing the jsessionid from the first request to the next requests using the Regular "Expression Extractor". I can see in the View Results Tree that jsessionid is passed properly but next page after the step two still takes me into the login screen.
Any help will be very much appreciated.
I have attached screenshot for better understanding:
The response header of logged in page includes a sessionid which is used by another request while logging in.
All the sessionID are properly maintained still after logging in the next page takes me to the login page instead displaying what was done next in the recording.
When it comes to load testing of JSF-based web applications you need to take care at least of the following dynamic parameters:
JSESSIONID
javax.faces.Viewstate
JSESSIONID is a normal HTTP cookie so it is quite enough to add a HTTP Cookie Manager to deal with it
javax.faces.Viewstate is client state management mechanism which also acts as a security token to verify user's origin. So you will need to properly correlate it, i.e. extract from previous response using one of JMeter PostProcessors, store into a JMeter Variable and add as a parameter to the next request. Remember to do this for each and every request.
There might be more application specific dynamic parameters, the easiest way of detecting them is recording the same request (or scenario) 2 times, compare the recorded scripts, detect and work around the differences.

Full authentication is required to access this resource

I am getting the following error while searcing for an entity after successful login
Full authentication is required to access this resource unauthorized
I tried to correlate the items in response headers (VCAP_ID, JSESSIONID) but nothing works. I also observed that the
"sessionToken":"Undefined"
Please provide resolution.
First of all try adding HTTP Cookie Manager to your Test Plan
Double check your correlation post processors using Debug Sampler and View Results Tree listener combination to ensure that all variables are properly extracted. The latter one allows inspecting request and response details as well and has i.e. RegExp Tester mode allowing validating your Regular Expressions against server response without having to re-run the request
If after all you won't fell comfortable with handling dynamic parameters in JMeter you can try out an alternative option of JMeter scripts recording which is capable of exporting the recorded test in "SmartJMX" mode automatically detecting and handling any dynamic values. See How to Cut Your JMeter Scripting Time by 80% article for more details.

Why there is difference in test and data interaction speed when use API vs jmeter recording

I have a login function in website. I have tried 2 things to create load testing plan :
Record login scenario using jmeter and complete load test
Use login API, configure in Jmeter and complete load test
I realize that 2nd option from above is faster than 1st when running load test? Can anyone help me to understand why?
Well-behaved test should simulate end-user behaviour as close as possible, so basically you have at least 2 requests:
Open login page
Perform login
In addition when mimicking real browser you have to deal with a lot more data, i.e. complete HTML response, JavaScript, CSS, images, etc.
In case of API you have only one request consisting of username and password and one small response indicating whether login attempt successful or not.
I believe load test should be as close to reality as possible so I would recommend 1st option. Make sure that you add the next test elements to your Test Plan:
HTTP Cookie Manager
HTTP Cache Manager
HTTP Header Manager
and follow recommendations from How To Make JMeter Behave More Like A Real Browser guide for detailed instructions.

Resources