I'm trying to do a simple load-test in a website which requires you to log in first.
I read the jmeter documentation about the cookie manager and looks like as long as I make all my requests within the same thread group where the cookie manager is the sessionID is shared among the http requests but is not my case.
The simple structure I have is:
Thread Group
HTTP Cookie Manager
HTTP Requests Defaults
Simple Controller
http request // POST method to authenticate in the site (this works fine, I get a session id)
http request // GET method (this one should use the same session id from the previous http requests but I get a new one instead)
I did this same web page flow in firefox using firebug to see the requests/responses and the session id is the same, the server doesn't send a new one so looks like the cookie manager is not keeping the same session id and using it for all the requests.
Can someone point me in the right direction? What I am doing wrong?
Check the get request sends the same jsessionid cookie in the request as the one returned in previous response.
If it's the case then check your login was fine, as it is probably root cause of issue
Related
I have a magic link to access a website without logging in, let's say the magic link is something like this
https://key.example.exampl.tr/auth/realms/test/protocol/openid-connect/auth?client_id=my-react-client&state=ba453a80-d991-4b3b-a791-3fc2629aea03&redirect_uri=https://test.example.exampl.tr/&scope=openid&response_type=code&user_id=d0bcdd07-3198-4ab6-9cfd-d0b6341dbe00&key=7a1b4163-76e8-465c-a914-c68f16761698
when I use the link in the browser it works as expected and accesses the home page without asking me to log in. BUT when I use the same link inside HTTP GET Request using JMeter, it redirects me to the login page. Why is that happening and how to solve it?
This is happening as you browser stores specific cookies and caches for the particular request, whereas for jmeter you will request a new session every time, if you are not using HTTP Cookie Manager and HTTP Cache Manager explicitly.
Try clearing your browser history, cookies & caches and hit the same request/url, it would also redriect to the login page and behave same as jmeter does
In Postman Or Jmeter, I want to call a POST API for 100 users in my collection, but after each user login, csrftoken is added to the cookie with the session, but the POST API fails when the cookie contains a csrftoken.
so how to delete the csrftoken from the cookie while maintaining the session ?
Use this as test-script in the postman request. (Note that you have to whitelist your domain in the cookie manager window if you run the collection from postman)
const cookieJar = pm.cookies.jar()
cookieJar.unset("domain.com", "csrftoken", function(error){
})
Refer documentation for more details
You don't need to remove this CSRF token cookie, you need to send correct one.
Not knowing the details of your application it is hard to say what exactly needs to be done, i.e. where the token comes from. If it is being sent by your application in the Set-Cookie header in JMeter it will be enough to add HTTP Cookie Manager
If it comes in the different header or in the response body - you will need to extract it from the previous response using a suitable JMeter Post-Processor and manually add the needed cookie in the HTTP Cookie Manager.
More information: How to Load Test CSRF-Protected Web Sites
I am trying to run a simple test in jmeter but i am stuck. The steps are:
Log in
Set the Cookie Manager
Access the landing page
The first 2 steps are successful, but i get status 403 "errorId":"AUTHENTICATION_REQUIRED" on the 3rd step. My guess is it is not getting the session from log in, but everything i 've tried hasn't worked. Here is my test plan:
Any suggestions?
JMeter's HTTP Cookie Manager obeys JMeter Scoping Rules, so if you put it as a child of the Setting Cookies request it will be applied to that request only, therefore cookies will not be available to the Landing Page
Try moving the HTTP Cookie Manager one level higher so your test plan would look like:
You should be able to see which cookies are being received and sent out using View Results Tree listener
I have recorded a script in JMeter, when I run it in view result tree URL gets changed automatically to some other page. My original request has no cookies while the page to which it redirects contain cookies. Later , I checked manually in my browser I saw cookies passing in the request. So, I added HTTP header manager with cookie data , I executed the test still it is redirecting. I thought to correlate cookie value but I can't get it in any response above. Can anyone suggest?
I am testing particular application using JMeter 2.9.There My test plan is Thread group--> Transaction Controller.Inside that various recorded requests are there.I am using HTTP request defaults,HTTP Cookie manager and HTTP header manager,and a view result tree for validation.I found one token i.e. CSRF token to be correlated and I did correlation.But for a particular request I am finding "Session expired..Login again" response much before the logout request.My transaction flow is to Login--> Search a content-->Logout.
Please help me finding a solution.
Try put the element: HTTP Cookie Manager in Thread Group, first item.
the problem can be in the following areas:
-you were redirected automatically instead of following redirects
-login hasn't succeeded
-the session id has not been successfully passed on to the request after login
The JMeter documentation states this:
I've set up JMeter to sample the same URLs as my browser, why is JMeter not seeing the same responses?
There are various different reasons for this:
Cookies - make sure you added a Cookie Manager. Browsers process cookies unless you set them up otherwise, but JMeter does not process cookies unless you add a Cookie Manager.
User-Agent - the User-Agent is a header that is sent by browsers; it identifies the browser type. Some servers are sensitive to this setting and generate different results for what they think are different browsers. The Header Manager is used to add headers such as User-Agent.
Hidden fields - if you did not use the JMeter Proxy (or other application) to record the test plan, then it is easy to miss hidden fields from forms.
Dynamic field names/content - some servers use varying names for fields. So although the test plan may be correct at the time of creation, it does not work when replayed.
URL rewriting - TBA
from http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour