I'm having a problem similar to the one in this post: JMeter; session cookie, but approached from a different angle.
The similarity is at the bottom of the post, where the OP writes:
How... can I set and submit a unique cookie for each user whose value is extracted from the first Response Header?
We're using JMeter for load testing, and need to have several users logged in to our email client at once. The way our website (and test plan) works is:
Enter username/ password, click Sign In.
Click Email.
Receive auth token (used for staying signed in to the email client) in a cookie.
Upon interaction with the email client (open a folder, mark an email as read, etc), send the auth token in the post body.
The problem is that the auth token is not getting stored as a value in such a way that it can be used in a POST request (and because the auth token is not sent as a cookie, we can't simply store it and send it with an HTTP Cookie Manager). The cookie is initially set like this:
AUTH_TOKEN=(long string of letters, numbers, and underscores); Domain=.ourdomain.net; Path=/
We've tried the following to extract the auth token value from the cookie:
Using a Regular Expression Extractor to extract the value from the response header of the "Click Email" step. We've tried two regular expressions; both simply cause JMeter to use the default auth token value when the test is run:
AUTH_TOKEN\=(\w+)\;
AUTH_TOKEN=([^;]+);
Defining the property "CookieManager.save.cookies=true" (as suggested by the user manual) and "CookieManager.check.cookies=false" (as suggested in this thread) in user.properties, then using "${COOKIE_AUTH_TOKEN}" in the post body.
With either or both of these in place, JMeter sets ${COOKIE_AUTH_TOKEN} as the auth token value in the post body.
We know that ${COOKIE_cookieName} is the correct format, as this has worked with other cookies that JMeter is storing.
I've read through a number of threads but none have dealt with this specific issue. I just started learning how to use JMeter a few weeks ago, so I'm not sure what to do here, and any help would be greatly appreciated. Thanks!
The problem was actually being caused by an incorrect request being sent to the server, to which it was then sending a blank response. Once we tore down and rewrote the entire test plan (what we were using was actually a modified version of another test plan) and had CookieManager.save.cookies=true in user.properties, we were able to use ${COOKIE_AUTH_TOKEN} and get the correct value.
Related
I am trying to do the load testing of salesforce.com. I am logging via test.salesforce.com which is redirecting me to the console url. Now, subsequent post request accepts following post parameters.
ViewStateCSRF
ViewStateMAC
visualforce.ViewState
But this post request is failing with "invalid session" error message.
I am guessing this is because of CSRF token. I am trying to extract(post processor in Jmeter) CSRF token, but I am unable to find this token anywhere in the response/cookie of previous requests. In one of the HTML response, I can find few CSRF tokens(e.g: runApexCsrfToken, consoleAjaxCsrfToken etc). I have tried all of them but no result.
To summarize my problem: I need to pass csrf token in post login request but I am unable to find this token in previous responses.
Could you please help me with this.
PS: I have tried get request on "https://c.salesforce.com/libs/granite/csrf/token.json" after login but did not find any token in response.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to check all response fields as the token can be a part of URL or come as a HTTP Header
You need to correlate not only ViewStateCSRF but all other dynamic parameters as well
If you have problems with identifying the source for the dynamic parameters values you can try recording your scenario using cloud-based proxy service, it is capable of exporting recorded scripts in "SmartJMX" mode with automatic detection and correlation of dynamic parameters. See How to Cut Your JMeter Scripting Time by 80% article for more details
I want to do performance testing of my site which uses the Azure AD authentication. In order to login to the site 3 requests are called.
in first request the clientid is passed
in the second request in the URL it is creating one parameter 'tx' and it has some value. Rest it creates the csrf token which I am extracting successfully.
But I am facing problem in extracting the value of 'tx'
I am checking the value in the previous requests response but I am not able to find it. Is there anything that I am missing? I checked it on Fidler too somehow I am not getting the value of the tx.
I would suggest that you perform the login action in Chrome (say) with Developer Tools > Network open - and on the second request (sending 'tx') get the value that is sent by the browser, then search for that value in the previous response - and find how that is represented as parameters in the downloaded data.
I had a similar requirement and ended up Writing PostProcessor (to extract a value and save in a variable) and PreProcessor (to inject the variable value into the posted parameter) - you may need to process HTML, javascript or embedded JSON in the initial response.
The fact is that (more-and-more) Web Applications are embedding functionality in client-side javascript and you need to set JMeter up to emulate this.
I'm having trouble with getting my site normally loaded during the performance testing in Apache JMeter. Firstly I recorded the script (by BadBoy), containing authorization and visiting some pages, unavailable without login. Next, I exported it to JMeter, configured Regular Expression Extractor to get the csrftoken from the request right before the authorization request and it looks like it works just fine:
no errors in http-requests
But if to look at the tab "Response data" of every post-authorized request, the content isn't like correctly loaded page, it just starts page with the empty authorization form, i.e. in some way session is new though all the requests have the same session id and csrftoken in Cookie Data and in Set-Cookie (Sample result), appeared in authorization request result.
HTTP Cookie Manager is added.
Did anyone face this trouble?
UPDATE: I've conducted an experiment with transferring cookies from Chrome to Mozilla Firefox, copied 'csrftoken' and 'session id', and - voila! - it worked, I got the same authorized session in two browsers. Still have no idea what's wrong with JMeter
JMeter automatically treats HTTP Response Codes below 400 as successful, it doesn't perform any checks of response body. Most likely your Regular Expression Extractor failed, add a Debug Sampler and double check resulting variable value.
There could be also the following possible reasons:
You might need to send CSRF token in encoded/escaped form so using i.e. __urlEncode() function will be required. Or vice versa.
Application may expect the token in multiple locations, i.e. not only as a form parameter, but as an extra HTTP Header. In that case you will need to pass it via HTTP Header Manager
You might also want to try the new step-by-step debugger for JMeter to get to the bottom of the issue.
This is the default behavior of this token. 1. make sure where these tokens are passed. It might be passed multiple times. Check the header. Generally, "xref-token" is again passed.
It should be in exact format, decode it if required, also remove , or ; or /. You can also use fiddler.
The solution was found after recording a script by Blazemeter plugin in Chrome and further exporting it in '.JMX' format. Adding an HTTP Header Manager like this (with its special fields, of course) to each HTTP Request solved the problem.
I m doing performance testing of application which has login.I took the token from response body and pass in another request which is submitting the login page.
But interesting thing is that i see two different tokens in the first page one in response header another response body .So question is which one is to grab.
Which token to use depends on the application that you are using (and the way it is designed).
So, the best (and first) thing is, find out which security token is passed in the next page, by analyzing the http requests using HTTP trace tools (ex: Fiddler, Firebug etc) manually.
I am testing particular application using JMeter 2.9.There My test plan is Thread group--> Transaction Controller.Inside that various recorded requests are there.I am using HTTP request defaults,HTTP Cookie manager and HTTP header manager,and a view result tree for validation.I found one token i.e. CSRF token to be correlated and I did correlation.But for a particular request I am finding "Session expired..Login again" response much before the logout request.My transaction flow is to Login--> Search a content-->Logout.
Please help me finding a solution.
Try put the element: HTTP Cookie Manager in Thread Group, first item.
the problem can be in the following areas:
-you were redirected automatically instead of following redirects
-login hasn't succeeded
-the session id has not been successfully passed on to the request after login
The JMeter documentation states this:
I've set up JMeter to sample the same URLs as my browser, why is JMeter not seeing the same responses?
There are various different reasons for this:
Cookies - make sure you added a Cookie Manager. Browsers process cookies unless you set them up otherwise, but JMeter does not process cookies unless you add a Cookie Manager.
User-Agent - the User-Agent is a header that is sent by browsers; it identifies the browser type. Some servers are sensitive to this setting and generate different results for what they think are different browsers. The Header Manager is used to add headers such as User-Agent.
Hidden fields - if you did not use the JMeter Proxy (or other application) to record the test plan, then it is easy to miss hidden fields from forms.
Dynamic field names/content - some servers use varying names for fields. So although the test plan may be correct at the time of creation, it does not work when replayed.
URL rewriting - TBA
from http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour