jmeter auth token issue

Question

I have internal web application, which I have to test using Jmeter. The application has secure protections as a username, password and auth token. Auth token is changing with every new session. I'm unable to path through secure token. Token is include in URL, which look like

http://mytraining.application.net/(S(vj1ckr0nqyvjq3blehcl2jwl))/ApplDefault.aspx?tabid=1. Cookies has look like
Cookie: AUTH_TOK_vj1ckr0nqyvjq3blehcl2jwl=vj1ckr0nqyvjq3blehcl2jwl; AUTH_TOK_syq3r1yu4equ515xzunjobhb=syq3r1yu4equ515xzunjobhb;

So, my Jmeter able to successfully run only when I submit current token in URL. Please let me know if you have any idea, how to avoid submitting token in all places (35) every time.

[![enter image description here][1]][1]

My AUTH_TOKEN

Regular Expression

score 0 · Answer 1 · answered Sep 12 '16 at 04:34

It seems you can figure you your Auth_TOK value from the cookies

Add the next line to user.properties file (located in JMeter's "bin" folder
```
CookieManager.save.cookies=true
```
Restart JMeter to pick the property up
Add HTTP Cookie Manager to your Test Plan
Now you should be able to see Cookies stored as JMeter Variables using Debug Sampler and View Results Tree listener combination and use cookies values as part of your URL

I would also recommend checking out ASP.NET Login Testing with JMeter as my expectation is that you will have to deal with few other dynamic parameters.

Thank you Dmitri and Naveen. Yours answers were very helpful, but I still have issues. Later, I will add more details. — Vadim Zvenigorodskiy, Sep 14 '16 at 23:17

score 0 · Answer 2 · answered Sep 12 '16 at 07:37

0

First try with HTTP Cookie Manager as mentioned by Dmitri. This would work if auth token is used in Headers, like Cookie header. Jmeter automatically fetches from Set-Cookie Header, set by server, (when you add HTTP Cookie Manager) for each thread and store it locally, so that it can use in subsequent requests.

If Auth token is used in other places (but not headers) such as part of Url, request body etc, then we should explicitly capture it using Regular Expression Extractor (post processor) and Regular Expressions Jmeter to correlate the dynamic values. Once you capture the value into a local_variable, we replace the actual values by local_variable (Reference name field in Regular Expression Extractor) wherever we observe the dynamic value in subsequent requests, here auth token, using syntax ${local_variable}.

answered Sep 12 '16 at 07:37

Naveen Kumar R B

6,248
5
32
65

Unfortunately, still have issue. Can't figure out what I did wrong. – Vadim Zvenigorodskiy Sep 20 '16 at 13:26
Keep the regular expression extractor as child under sampler, in which response AUTH_TOK is returned. May I know what is the error you are getting? In Screen shot attached, request headers contains Cookie header which has multiple AUTH_TOK values. Are you capturing all of them using RegEx? Use [Debug Sampler[(http://jmeter.apache.org/usermanual/component_reference.html#Debug_Sampler) to know the values captured by Regular Expression Extractor. Compare the Cookie sent in browser (use any browser->F12->Network tab) and Cookie sent using Jmeter (View Results Tree), please share both the values. – Naveen Kumar R B Sep 20 '16 at 14:11
As I can see AUTH_TOKEN is used in Cookie headers, what is the result when you used HTTP Cookie Manager only (After following the steps mentioned by Dmitri)? – Naveen Kumar R B Sep 20 '16 at 14:14

jmeter auth token issue

2 Answers2