How do you test pages that require authentication with Selenium?

Question

I need to test a web application using Selenium. The app is fairly common in its setup: it requires signing in for most of the functionality to be exposed. Upon loading a page, if the user is not authenticated, it will redirect to a login form and then back to the requested page once credentials are supplied.

What's the usual way to go around this with Selenium? I take it people are not logging in on every single test as this would cause significant overhead on big test suites. Is there a way to set up a session in a test and then use the cookie information for subsequent tests, or do a conditional sign-in (without incurring in massive code repetition!)?

I am using PHPUnit with Selenium ATM.

Thank you!

Gonzalo

Answer 1

(I'm using C#+NUnit+Selenium RC)

Most of the time, each test goes through the login form. However, if I'm writing a series of tests that are very short (< 10 seconds each) and there are a lot of them, I usually share the same browser instance across tests by moving the selenium start\close calls from the SetUp\TearDown methods to the Test Fixture SetUp\TearDown methods. This avoids the cost of re-authenticating as well as the cost of launching a new browser every time. I'm sure you can do something similar with PHPUnit.

Answer 2

If this is basic http auth you can use the username/password with the url request as documented in the Selenium FAQ: http://wiki.openqa.org/display/SEL/Selenium+Core+FAQ#SeleniumCoreFAQ-HowdoIuseSeleniumtologintositesthatrequireHTTPbasicauthentication%28wherethebrowsermakesamodaldialogaskingforcredentials%29%3F

How do I use Selenium to login to sites that require HTTP basic authentication (where the browser makes a modal dialog asking for credentials)?

Use a username and password in the URL, as described in RFC 1738: Test Type open http://myusername:[email protected]/blah/blah/blah

Note that on Internet Explorer this won't work, since Microsoft has disabled usernames/passwords in URLs in IE. However, you can add that functionality back in by modifying your registry, as described in the linked KB article. Set an "iexplore.exe" DWORD to 0 in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE.

If you don't want to modify the registry yourself, you can always just use Selenium Remote Control, which automatically sets that that registry key for you as of version 0.9.2.