Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JMeter stops sending JSESSIONID cookie when switched to SSL

Tags:

https

ssl

session-cookies

jmeter

I have a test plan that runs fine under http, and the Cookie Manager is correctly keeping my sessions in place. It is also capable of talking to the same server when switched to ssl, and even thinks everything is working correctly because it gets a 200 response with our custom message about not being logged in.

All I need to do to reproduce the behavior is switch from http to https. The test is still able to talk to the server, but I can see in the "View Results in Table" log that cookies has a JSESSIONID under http, and is empty under https. And each request under ssl is answered with a Set-Cookie for JSESSIONID.

like image 816
Brian Deacon Avatar asked Nov 06 '22 02:11

Brian Deacon

1 Answers

Interesting scenario. Does the Jmeter log file offer any clues?

Could it be that Jmeter needs a copy of the certificate to properly store the SSL cookie? The console would display a handshake problem, which can be resolved by adding the certificate into the key store: http://www.java-samples.com/showtutorial.php?tutorialid=210

You might be able to do some further debug by writing out the cookie value to a variable and logging its value:

Received Cookies can be stored as JMeter thread variables (versions of JMeter after 2.3.2 no longer do this by default). To save cookies as variables, define the property "CookieManager.save.cookies=true". Also, cookies names are prefixed with "COOKIE_" before they are stored (this avoids accidental corruption of local variables) To revert to the original behaviour, define the property "CookieManager.name.prefix= " (one or more spaces). If enabled, the value of a cookie with the name TEST can be referred to as ${COOKIE_TEST}.

Source: http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager

Edit: Somebody asked how my specific problem was solved. It turned out not to have anything to do with ssl specifically, but that other unrelated headers changed very slightly in their format, so the regex we were using to match on them started failing. So I'd start there with looking at your headers and comparing the difference between when you post http vs https

like image 187
BlackGaff Avatar answered Nov 09 '22 12:11

BlackGaff
Sign in to Comment

Related questions

Let's encrypt, Kubernetes and Traefik on GKE
docker-machine + docker-compose + ssl (lets encrypt through nginx & certbot)
Mutual authentication using Retrofit Android
Kubernetes TLS Ingress route with cert-manager and SelfSigned ClusterIssuer not working
Nginx allow traffic from any domain
Spring Boot Blocked Connection Pool with enabled SSL
How to compile python3 on RHEL with SSL? SSL cannot be imported
Is it possible to install/access SSL for my Google App Engine app?
ASP.NET MVC - How to Redirect Secure?
Pre-built login / authentication component for a php app?
How to link non thread-safe library so each thread will have its own global variables from it?
SSL website in rails forwards me to a url with port 443 suffix
SSL certificate verification fails, how to figure out what's causing it?
Python requests.exceptions.SSLError: EOF occurred in violation of protocol
Is HTTP status code 426 Upgrade Required only meant signal an upgrade to a secure channel is required?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!