Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cookie Manager of Apache JMeter doesn't add the cookie to POST request

Tags:

cookies

jmeter

I build up very simple test plan.

  1. Login: POST, a session cookie is returned.
  2. Get the state: GET, a user state is returned.
  3. Create a resource: POST, JSON body is supplied for the resource.

So my 'Test Plan' looks like:

  • Test Plan
    • Thread Group
      • HTTP Request Defaults
      • HTTP Cookie Manager
      • Login (HTTP Request Sampler: POST)
      • Get State (HTTP Request Sampler: GET)
      • Create Resource (HTTP Request Sampler: POST)

The cookie generated by 'Login' is added to 'Get State' correctly.
But 'Create Resource' has NO cookie. I changed their order but it doesn't help. I used the default options firstly and changed some options but it also doesn't help.

Is it a bug of JMeter? or just POST http request is not able to have cookie?
Please give me any advice.

[SOLVED]
I noticed that it is related to the path, not the method.
You'd like to look at the domain of the cookie as well as the path. I mean, the path and the domain of a cookie could be defined in the server side through Set-Cookie header.

like image 580
user1254330 Avatar asked Oct 19 '12 02:10

user1254330


People also ask

What is the use of HTTP Cookie Manager in JMeter?

The cookie manager stores and sends cookies just like a web browser. If you have an HTTP Request and the response contains a cookie, the Cookie Manager automatically stores that cookie and will use it for all future requests to that particular web site. Each JMeter thread has its own "cookie storage area".


1 Answers

Another solution is to set CookieManager.check.cookies=false in jmeter.properties usually sitting besides the jmeter startup script in bin.

JMeter for some reasons thinks that you can't set the path=/something in a cookie if you are on http:/somesite/somethingelse. That is the path has to match the path your currently on.

I've never seen a browser enforce this limitation if it actually exists. I've seen and written several sites that use this technique to set a secure cookie and then forward someone say to /admin.

I wish this option was at least in the GUI so I didn't have to change the properties file. I think BlazeMeter is smart enough to turn off checking where flood.io is not. If it were up to me I'd just remove the code that checks this entirely. Why make the load tester any harder then it needs to be.

like image 161
Eric Twilegar Avatar answered Oct 03 '22 07:10

Eric Twilegar