I am trying to record a scenario in JMeter which will able me to login in application and perform some actions, but I am stuck in the logon stage when I am trying to reproduce the recorded scenario. I had set an a proxy in a browser, set a root JMeter certificate and JMeter records everything.
In the login I am performing POST request like this:
POST https://ip:port/api/logon
POST data:
{"user":"text","member":"text","password":"text"}
Cookie data:
JSESSIONID=node{random}.node{random}
But it fails with response code 400 (Bad request).
I believe that I should capture X-XSRF-TOKEN and use it to be able to access session in a right way, but I can not do it. I am trying before this request to capture the X-XSRF-TOKEN into ${token} variable using JMeter's regular expression extractor. I can see it in the "response headers", but still can not find a way to capture it to be able to log in this resource.
How to log in HTTPS resource using JMeter test script recorder saving X-XSRF-TOKEN?
Update: I figured out how to get an a XSRF-TOKEN from the response header, using regexp. It is in this format: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie Also I've used info from this article: https://www.blazemeter.com/blog/how-load-test-csrf-protected-web-sites
To get it I am using JMeter's Regular Expression Extractor, where:
Field to check: Response-Headers
Regular expression: Set-Cookie: XSRF-TOKEN=([^;]+?)
I find out that JMeter's regexp parser probably greedy and reverse.
Template: $1$
Match No.: 1
Default Value: NOT_FOUND
After that I am giving ${XSRF_TOKEN} to the X-XSRF-TOKEN field in HTTP Header manager for the next HTTP requests, but when I am starting the scripts, it still won't work and sends me a new X-XSRF-TOKEN in response header.
Update №2:
I find out that jmeter do not send all cookies required by opening developer console in the Chrome Browser -> Network [Record]. It sends JSESSIONID cookie, but not XSRF_TOKEN cookie. Now I am struggling with adding this cookie to my request for it to be able to estabilish a session. Seems that just adding it in a HTTP Cookie Manager like:
Name: XSRF-TOKEN Value: ${XSRF_TOKEN} Domain: XXX Path: / Secure: yes\no
won't work because variable value not assigning and it just shows me ${XSRF_TOKEN} in the cookie send request.
